Skillv3.1.0

VirusTotal security

葛军AI教练 · External malware reputation and Code Insight signals for this exact artifact hash.

ReviewMay 1, 2026, 1:36 PM

Hash: 51f811baedcd4dae368e1bb9a500c719576ad3e9cee466db109efda0ecaa66ec
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: gejun-math-coach Version: 3.1.0 The skill bundle contains a shell command execution template in `SKILL.md` for voice integration that incorporates an unsanitized variable (`${追问文本}`) into a `python3` system call. This creates a high risk of command injection if the OpenClaw agent executes the command without proper shell escaping, as the variable content is derived from AI-generated text influenced by user input. While the functionality appears aligned with the stated purpose of a math coach, the inclusion of raw shell commands involving dynamic content is a significant security vulnerability.
External report: View on VirusTotal