Back to skill
Skillv0.0.1
VirusTotal security
Epragma Redmine Issue · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:35 AM
- Hash
- f90f63ca244d7ef01dd8d28586a96eb843cb1805b3e1916602299941a41973aa
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: epragma-redmine-issue Version: 0.0.1 The skill is classified as suspicious due to a significant vulnerability in its environment variable handling logic within `scripts/lib/redmine.js`. The code attempts to support 'swapped env vars' where `REDMINE_URL` or `REDMINE_API_KEY` might contain the URL or API key interchangeably, as explicitly noted in `memory/2026-02-25.md`. This convoluted logic makes credential configuration highly error-prone, potentially leading to the API key being sent as part of the URL (if `REDMINE_API_KEY` is a URL and `REDMINE_URL` is not set) or an empty API key being used, increasing the risk of accidental credential exposure or authentication failures. While not indicative of intentional malice, this design flaw represents a critical security vulnerability in credential management.
- External report
- View on VirusTotal