Back to skill
Skillv2.1.1
VirusTotal security
Skill Reviewer Pro · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:39 AM
- Hash
- f396e5c4e2e39a4b3bdfd76b4bf806c2c59f4ed4348bdc1059453408ad08d90d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skill-reviewer-pro Version: 2.1.1 The skill `skill-reviewer-pro` is designed to review other OpenClaw skills. Its `SKILL.md` contains an explicit instruction for the AI agent to execute a local Python script: `python3 /home/yupeng/.npm-global/lib/node_modules/openclaw/skills/skill-creator/scripts/package_skill.py <skill-path>`. While this command is intended for legitimate skill validation, it represents a direct command execution instruction. If the `<skill-path>` argument can be manipulated by a malicious input or skill, it could lead to a shell injection vulnerability (RCE). This is classified as suspicious because it introduces a high-risk capability (command execution) that, while aligned with its stated purpose, presents a significant vulnerability risk without clear evidence of malicious intent from this specific skill.
- External report
- View on VirusTotal