Back to skill
Skillv1.0.0
VirusTotal security
Baidu Scholar Search · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 17, 2026, 3:06 AM
- Hash
- 8a56435ccc5423fcf4e3a5cf63774d21408e8ca154ad2d5f69006a6ecb3a0f88
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: abe-baidu-scholar-search Version: 1.0.0 The skill bundle contains a shell injection vulnerability in both `baidu_scholar_search.sh` and the embedded script in `SKILL.md`. The user-provided search query (`$WD`) is directly interpolated into a double-quoted string within a `curl` command, allowing for potential command execution if the input contains shell metacharacters (e.g., backticks or $(...)). While the tool's functionality of querying `api.heybossai.com` aligns with its stated purpose, the lack of input sanitization is a significant security flaw.
- External report
- View on VirusTotal