Back to skill
Skillv1.0.0
VirusTotal security
StripFeed · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:54 AM
- Hash
- dded0cc67117c1049caaa452e4375c70caee573642219a28fb742fc4a808ccbf
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: stripfeed Version: 1.0.0 The skill is classified as suspicious due to the inherent risk of shell injection. The `SKILL.md` defines `curl` as a required binary and provides examples where user-controlled input (specifically the `url` and `selector` parameters) is interpolated into `curl` commands. If the OpenClaw agent's execution environment does not properly sanitize or escape these user-provided arguments before executing the shell command, it could lead to arbitrary command execution (RCE) by a malicious user. This represents a significant vulnerability, even though the skill itself does not explicitly instruct the agent to perform malicious actions.
- External report
- View on VirusTotal