Skill v1.0.0
VirusTotal security
Blogburst 3.1.2 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review Apr 30, 2026, 6:24 AM
- Hash: a2b860b97213ec37ada97739d3cbb910d1079e08b5ad17df1842a538c9d22233
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: blogburst-3-1-2. Version: 1.0.0. The skill bundle instructs the AI agent to use the 'exec' tool to perform shell-based 'curl' commands against the BlogBurst API, using user-provided content (topics, URLs, messages) to construct the command strings. This pattern introduces a high risk of shell injection vulnerabilities if the agent does not properly sanitize or escape the input before execution in the shell. Additionally, the SKILL.md file explicitly directs the agent to echo the 'BLOGBURST_API_KEY' environment variable and provides instructions for users to modify their shell configuration files (~/.zshrc), which are high-privilege actions. While these behaviors appear aligned with the stated purpose of a marketing automation tool, the inherent security risks associated with unparameterized shell execution justify a suspicious classification.
