Back to skill
Skillv1.0.0
VirusTotal security
vwu.ai kling Models · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:32 AM
- Hash
- 2a8c02c5cbabd4f83a1283919ba3f4867200475a519866b29a27bcadbd291be4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: vwu-kling Version: 1.0.0 The skill bundle contains a shell injection vulnerability in `vwu-chat.sh` where the user-provided prompt is expanded within a double-quoted string passed to `curl`. This allows for arbitrary command execution if a crafted prompt (e.g., containing backticks or subshells) is provided to the script. While the code logic aligns with the stated purpose of interacting with the vwu.ai API, the lack of input sanitization is a significant security risk, although no clear evidence of intentional malice was identified.
- External report
- View on VirusTotal