vwu.ai Sihai Models
PassAudited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill Name: vwu-sihai Version: 1.0.0 The skill bundle contains a shell script `vwu-chat.sh` that is vulnerable to command injection. The script expands the `$PROMPT` and `$MODEL` variables directly within a double-quoted string passed to the `curl` command, which allows for arbitrary command execution via command substitution (e.g., `$(cmd)`) if the input is not sanitized. While the script's stated purpose is to provide a legitimate interface for the vwu.ai API, the lack of input escaping in the shell script constitutes a significant security vulnerability.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing or using the skill may spend quota or expose account access if the API key is mishandled.
The script reads an API key from the environment and uses it as a bearer token for account-authorized API calls.
VWU_API_KEY="${VWU_API_KEY:-}" ... -H "Authorization: Bearer $VWU_API_KEY"Use a limited/revocable vwu.ai API key, avoid sharing it in prompts or logs, and revoke it if you suspect exposure.
Sensitive prompt content could leave your local environment and be sent to vwu.ai or another configured endpoint.
User prompt content is sent to an external API endpoint, and the endpoint can be changed through VWU_BASE_URL.
VWU_BASE_URL="${VWU_BASE_URL:-https://vwu.ai}" ... "$VWU_BASE_URL/v1/chat/completions" ... "content": "$PROMPT"Do not send secrets or private data unless you trust the provider, and verify VWU_BASE_URL points to the intended endpoint.
Quotes, backslashes, or crafted text in a prompt may break the request or alter the JSON payload sent to the provider.
The script builds JSON by directly interpolating command-line model and prompt values rather than using a JSON encoder.
-d "{\n \"model\": \"$MODEL\",\n \"messages\": [{\"role\": \"user\", \"content\": \"$PROMPT\"}],\n \"stream\": false\n }"Prefer a JSON-safe construction method such as jq -n or a maintained client library before relying on this for arbitrary untrusted text.
You have less publisher/source context than with a skill that has a clear homepage and declared install details.
The skill has limited provenance metadata and no install specification, though the included script is short and directly reviewable.
Source: unknown; Homepage: none; Install specifications: No install spec
Review the included script before use and install only if you trust the publisher and the vwu.ai service.