Skill v1.0.0

VirusTotal security

landing-page-generator · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 5:49 AM
Hash
3dcbd899a340454d0b6fde17172b14d4bf1518d9ee27d1034b7b8ce54990a9e2
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: cs-landing-page-generator
Version: 1.0.0

The skill bundle is designed to generate landing pages, but the core generation script 'scripts/landing_page_scaffolder.py' contains significant injection vulnerabilities. It constructs Next.js/React (TSX) code by directly embedding configuration values (like titles, headlines, and URLs) into strings using f-strings without any sanitization or escaping. This allows for potential Cross-Site Scripting (XSS) or code injection in the generated output if the input data is sourced from untrusted origins. While the behavior is aligned with the stated purpose and lacks evidence of intentional malice, the lack of input sanitization is a critical vulnerability.