Skill v1.0.0

VirusTotal security

Greenhouse · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 5:02 AM
Hash
dfc322ff925204e647982e6b0926542f065d50207d93732a14baaf86e89be45e
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill · Name: greenhouse · Version: 1.0.0

The `scripts/greenhouse.py` file contains a `req` function that allows the `path` argument to be a full URL, which could lead to Server-Side Request Forgery (SSRF) if the `path` argument were user-controlled. Although the current skill's commands use relative paths, this general function design is a vulnerability. Additionally, user-provided arguments like `args.id` are directly inserted into URL paths without explicit sanitization, posing a minor risk of malformed API requests. The `get_env` function also attempts to read environment variables from `~/.openclaw/workspace/.env`, which, while common, expands the search scope for credentials. No evidence of intentional malicious activity (e.g., data exfiltration to unauthorized endpoints, backdoors, or prompt injection) was found.