Back to skill
Skillv1.0.0
VirusTotal security
Network Scan · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:25 AM
- Hash
- 5b18f34f90008df7448afd8e38b963d7053765ca94e25408d682f56c3bfcc114
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: network-scan Version: 1.0.0 The skill performs network scanning using `nmap` via the `python-nmap` library. While the `SKILL.md` is benign and the `target` parameter undergoes some validation, the `main.py` script is classified as suspicious due to the lack of comprehensive input validation for the `ports` and `exclude` parameters. These user-controlled inputs are directly incorporated into the `nmap` command arguments. Although the `python-nmap` library generally mitigates direct shell injection by passing arguments as a list, the absence of robust sanitization for all parameters represents a vulnerability that could be exploited if `nmap` or `python-nmap` has an unknown flaw in argument handling, potentially leading to unintended command execution or resource exhaustion.
- External report
- View on VirusTotal