Skill v2.1.1
VirusTotal security
Roadmap Communicator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Apr 30, 2026, 5:52 AM
- Hash: 54387f066dd4f393169675168c106ffa2535743d68043a2eeecd8053b592e7e2
- Source: palm
- Code Insight:

Type: OpenClaw Skill
Name: roadmap-communicator
Version: 2.1.1

The user wants me to analyze an OpenClaw AgentSkills skill bundle (ZIP content provided as text). I need to classify it as `benign`, `suspicious`, or `malicious` based on specific criteria:

- Data exfiltration
- Malicious execution
- Persistence/backdoors
- Prompt injection against the agent
- Obfuscation
- Supply chain issues

I must distinguish between vulnerabilities (suspicious) and intentional malice (malicious).

Files provided:

1. `_meta.json`: Metadata about the skill.
2. `SKILL.md`: Instructions for the AI agent.
3. `scripts/changelog_generator.py`: A Python script to generate changelogs from git.
4. `references/communication-templates.md`: Markdown templates for communication.
5. `references/roadmap-templates.md`: Markdown templates for roadmaps.

`_meta.json`:

- `ownerId`, `slug` ("roadmap-communicator"), `version` ("2.1.1"), `publishedAt`.
- Looks standard.

`SKILL.md`:

- Describes the skill: preparing roadmap narratives, release notes, etc.
- Provides guidance on roadmap formats and stakeholder updates.
- Mentions a script: `python3 scripts/changelog_generator.py --from v1.0.0 --to HEAD`.
- Includes a quality checklist.
- No obvious prompt injection or instructions to exfiltrate data or perform unauthorized actions.

`scripts/changelog_generator.py`:

- Purpose: Generate changelog sections from git log or piped input.
- `SECTIONS`: Standard conventional commit types.
- `DEMO_COMMITS`: Hardcoded sample data.
- `get_git_log` function:
  - Uses `shutil.which("git")` to check for git.
  - Uses `subprocess.run(["git", "log", "--pretty=format:%s", commit_range], ...)` to get commit messages.
  - `commit_range` is constructed from `args.from_ref` and `args.to_ref`.
- **Vulnerability Check**: `commit_range = f"{from_ref}..{to_ref}"`. If `from_ref` or `to_ref` contains shell metacharacters, could there be an injection?
  - `subprocess.run` is called with a list: `["git", "log", "--pretty=format:%s", commit_range]`. Since it's a list and `shell=True` is NOT set, shell injection via the arguments is generally mitigated by the OS/Python's handling of the argument list. However, `git` itself might interpret certain flags if the input starts with `-`.
  - The script uses `argparse` which helps define expected inputs.
- `read_stdin`, `group_commits`, `render_markdown`, `render_text`: Standard logic for processing strings.
- No network calls, no file writing (only printing to stdout), no reading of sensitive files (only git log).

`references/communication-templates.md`:

- Standard templates for emails and release notes.
- No executable code or suspicious instructions.

`references/roadmap-templates.md`:

- Standard templates for roadmaps.
- No executable code or suspicious instructions.

Summary:

- The skill is a tool for product managers/engineers to generate roadmap and changelog artifacts.
- The Python script is a utility for parsing git logs.
- The use of `subprocess.run` with a list is safe against shell injection.
- There is no evidence of data exfiltration, persistence, or malicious intent.
- The instructions in `SKILL.md` are aligned with the stated purpose.

Classification: `benign`.

```json
{
  "classification": "benign",
  "summary": "The roadmap-communicator skill is a legitimate tool for generating product management artifacts like roadmaps and changelogs. The included Python script (scripts/changelog_generator.py) safely uses subprocess.run with an argument list to interface with git, and the SKILL.md instructions are strictly aligned with the stated purpose without any signs of prompt injection or malicious intent."
}
```
