Back to skill
Skillv1.1.0
VirusTotal security
OpenRA-RL · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:17 AM
- Hash
- ff6e2690c0b226b77ddb9ca455036242aa4c31a6a15978bc74747996fdc9f8d8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openra-rl Version: 1.1.0 The skill bundle is classified as suspicious due to its reliance on and instruction to execute external binaries and Docker images. Specifically, `SKILL.md` instructs the agent to `pip install openra-rl` and then run `openra-rl server start`, which 'pulls the Docker image and starts the game server'. While this is the stated purpose of the skill, it introduces a significant supply chain risk, as the `openra-rl` package or its associated Docker image could be compromised, leading to arbitrary code execution or host compromise via Docker. This represents a powerful and risky capability, even without explicit malicious intent within the skill bundle itself.
- External report
- View on VirusTotal