Back to skill
Skillv3.1.0
VirusTotal security
Apple Music DJ · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:56 AM
- Hash
- 8d4555a024166a313cd2f9165e39ff93012d2384780e6d62a2927658a88df361
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: apple-music-dj Version: 3.1.0 The skill is classified as suspicious due to a shell injection vulnerability found in `scripts/setup_cron.py`. This script constructs cron job commands using user-supplied arguments (e.g., `--profile`, `--storefront`) and then feeds these commands directly to `crontab -`. If a malicious string containing shell metacharacters is provided as input to these arguments, it could lead to arbitrary command execution when the cron job is installed. While the skill's overall purpose is benign and it handles API tokens securely, this vulnerability poses a significant risk for remote code execution.
- External report
- View on VirusTotal