Back to skill
Skillv1.0.0
VirusTotal security
泉水复活 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 31, 2026, 1:26 PM
- Hash
- 4270170199846f7201d27fef71f0cee392b21adeade1d18c8a22928da2a312e2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: spring-fountain-revival Version: 1.0.0 The skill provides a memory backup and restoration system but contains several high-risk vulnerabilities that could be exploited via prompt injection. Specifically, 'scripts/memory_backup.py' is vulnerable to path traversal in the 'create_snapshot' and 'restore' functions because it does not sanitize the 'label' or path arguments, and it is susceptible to a 'Zip Slip' attack during restoration. While the behavior aligns with the stated purpose of backing up memory files to a local and cloud-synced directory (defaulting to a Baidu Netdisk path on Windows), the lack of input validation in scripts intended to be executed by an AI agent (as instructed in 'SKILL.md') poses a significant security risk.
- External report
- View on VirusTotal