Skill v1.1.2
VirusTotal security
CS Relogin · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · May 1, 2026, 5:09 AM
- Hash: 06f1c694183bb7535f32feaa72f3b09c26bc049978dd1b895ea1d8b3c8c9e32a
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: cs-relogin. Version: 1.1.2. The skill is suspicious due to a critical shell injection vulnerability. In `SKILL.md`, Workflow step 2 instructs the AI agent to directly embed user-provided input (`<callback-url-or-code>`) into a `bash` command string (`cs relogin "<callback-url-or-code>"`). Without explicit sanitization or robust quoting by the agent or the underlying `Bash` tool, a malicious user could inject arbitrary shell commands, potentially leading to Remote Code Execution (RCE). This is a significant vulnerability, not evidence of intentional malice.
