Skill v1.0.0
VirusTotal security
AI Project Evaluation Assistant (AI 项目评估助手) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 5:37 AM
- Hash: dd70bc0f72315d680295071875c145f2db54d3c84e11b8588e7ad53a8cd0f574
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: project-evaluator. Version: 1.0.0. The skill is designed to evaluate project ideas using an LLM, but it contains significant security vulnerabilities. The `SKILL.md` file provides an `exec` command template that is vulnerable to shell injection because it passes user-provided project descriptions directly into a shell command via the `--idea` flag. Additionally, `scripts/evaluate_project.py` allows writing output to arbitrary file paths provided by the user, which could lead to unauthorized file overwrites. While the logic appears intended for its stated purpose, these flaws represent a high risk of remote code execution and system compromise.
