Back to skill
Skillv1.0.0
VirusTotal security
AI Tutor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:17 AM
- Hash
- 326ea4b5b665330d67504613a8e0b9b648a5fe31f8761d5911c7e1af9627252b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tutor-ai Version: 1.0.0 The skill contains a path traversal vulnerability in `scripts/student_manager.py` because the `student_id` parameter is used to construct file paths without sanitization, which could allow reading or writing files outside the intended directory. Additionally, the script hardcodes an absolute path tied to a specific local user (`/Users/josephauto/`), which is a security anti-pattern and indicates poor portability or potential environment-specific targeting.
- External report
- View on VirusTotal