Back to skill
Skillv2.0.0
VirusTotal security
Diary Force · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:30 AM
- Hash
- b62fd71a94b973ef773a701b6f122aa7c737cc67ad3e6a1e7ee3610bc6d5bfb6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: diary-force Version: 2.0.0 The skill bundle performs high-risk operations including file system modifications, external CLI execution via subprocess, and automated Git synchronization. Specifically, `scripts/diary_force.py` and `scripts/think.py` use `os.system` and `subprocess.run(shell=True)` to execute shell commands for Git and OpenCode CLI, which are prone to shell injection if inputs are not strictly validated. Furthermore, the scripts use hardcoded absolute Windows paths (e.g., `E:/My-life/daily` and `D:/ObsidianVault/...`), which is atypical for portable skills and suggests a high level of local system access. While no explicit data exfiltration or malicious intent was found, the combination of broad system permissions and risky coding patterns warrants a suspicious classification.
- External report
- View on VirusTotal