Back to skill
Skillv0.1.0
VirusTotal security
Embodied-OS - AI Robot Control System · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:27 AM
- Hash
- 542c25e82345a372b3c77961c26e65815fc249e1bb5c11b7bbb4cb45afaef548
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: embodied-os Version: 0.1.0 The skill bundle is classified as suspicious due to the inclusion of unrelated legacy files (SKILL-OLD-VIDEO.md, SKILL-ZH-OLD-VIDEO.md) that do not match the primary 'embodied-os' slug, and the presence of instructions that facilitate shell injection. Specifically, the video generator instructions direct the AI agent to execute shell scripts using unsanitized user-provided strings (e.g., in generate-for-openclaw.sh), which creates a significant risk of Remote Code Execution (RCE) via prompt injection. While the stated purpose of robot control and video generation appears legitimate, the poor input sanitization and the requirement to clone external repositories (github.com/ZhenRobotics/openclaw-video.git) pose meaningful security risks.
- External report
- View on VirusTotal