Back to skill
Skillv1.0.0
VirusTotal security
Survival Analysis (KM) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:44 AM
- Hash
- db6e0e76cb08c334cc3691832e7478b6748d807b88ea16fd3e4c5efa459d231c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: survival-analysis-km Version: 1.0.0 The skill bundle is classified as suspicious due to path traversal vulnerabilities in `scripts/main.py`. The `--input` and `--output` arguments are used directly with `pd.read_csv`, `os.path.exists`, `os.makedirs`, `plt.savefig`, `df.to_csv`, and `open()` without proper sanitization, allowing an attacker to potentially read or write files to arbitrary locations on the file system (e.g., using `../` sequences). While this represents a significant security flaw, there is no clear evidence of intentional malicious behavior such as data exfiltration, backdoor installation, or unauthorized remote control. The `SKILL.md` documentation itself does not contain prompt injection attempts and accurately claims no external network access, which is verified by the code.
- External report
- View on VirusTotal