Skill v1.0.0
VirusTotal security
Openclaw Rd Pipeline · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · May 1, 2026, 5:19 AM
- Hash: fef88cd007905eea307199dab4fd7027293958d7b290b41f76212b45d0e5d533
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: openclaw-rd-pipeline; Version: 1.0.0. The skill bundle outlines a legitimate R&D workflow. However, the `SKILL.md` instructs the OpenClaw agent to execute `scripts/validate_status_flow.py` directly via `bash` with arguments. This direct shell execution (`bash <script> <args>`) introduces a potential shell injection vulnerability if the arguments (e.g., `--from-status`, `--to-status`, `--file`) are derived from untrusted user input without proper sanitization by the OpenClaw agent's runtime. While the Python script itself is benign and there is no evidence of intentional malicious behavior within the skill bundle, this execution pattern represents a significant security risk.
