Back to skill
Skillv1.2.1
VirusTotal security
Diataxis Writing · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:33 AM
- Hash
- 241318b10c5acafa2abce36c66725f8051ac89a5bb89e9d3a45111fa150a09d8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: diataxis-writing Version: 1.2.1 The skill's primary purpose is benign (documentation writing). However, it is classified as 'suspicious' due to its reliance on the powerful external 'mcporter' tool and the direct passing of potentially user-controlled input (document title and content) to it via `subprocess.run` in `scripts/output-handler.py`. This presents a vulnerability risk (e.g., command injection if 'mcporter' is not robustly designed to handle arbitrary arguments, or misuse of 'mcporter's capabilities if the agent is prompted maliciously). Additionally, `scripts/output-handler.py` hardcodes a configuration path `/root/config/mcporter.json`, which is a minor information disclosure.
- External report
- View on VirusTotal