Skill v0.1.1
VirusTotal security
ReviewEvo · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:35 AM
- Hash: 8e943f2e4747f0f5c2c2e84b0562640d5694eb11d2825fbeeba1b581f72ba7d5
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: review-evo; Version: 0.1.1. The `SKILL.md` file instructs the agent to execute shell commands, specifically `git diff main...{branch}`, where `{branch}` is user-provided input. The skill does not include explicit instructions for sanitizing this user input before it's interpolated into the shell command. This creates a potential shell injection vulnerability, which could lead to Remote Code Execution (RCE) if the OpenClaw agent does not perform adequate input sanitization. While the commands are intended for a legitimate code review purpose, the lack of input sanitization for user-controlled arguments makes the skill suspicious due to this critical vulnerability risk.
