Back to skill
Skillv1.0.0
VirusTotal security
diary-conversation · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:59 AM
- Hash
- 5290282bfc47fe3595da5b9f07881ae84a3130c2029e7816cf7582f94104e80c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: diary-conversation Version: 1.0.0 The skill bundle is classified as suspicious due to its explicit instructions for the AI agent to execute various `bash` commands, including `cp`, `convert` (ImageMagick), `tar`, and `git`, as detailed in `references/file-storage.md` and `references/image-handling.md`. While these commands are intended for legitimate diary management (file storage, image processing, backups, version control), they grant the AI agent significant file system access and the ability to execute external programs. This capability, if user input is not rigorously sanitized before being incorporated into these shell commands, creates a high risk of shell injection (Remote Code Execution). There is no evidence of intentional malicious behavior, but the broad and powerful shell execution capabilities represent a significant security vulnerability.
- External report
- View on VirusTotal