Back to skill
Skillv1.1.0
VirusTotal security
Lead Enrichment · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:46 AM
- Hash
- 1573dee1b5e84d19efb8cf77df5820418b99d21aec992341dd1741110503af26
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lead-enrichment Version: 1.1.0 The skill bundle is classified as suspicious due to critical shell injection vulnerabilities found in `scripts/enrich.sh` and `scripts/batch.sh`. In `enrich.sh`, inferred name/company from an email address are unsafely used in shell commands, and in `batch.sh`, parsed CSV values for name/company are unsafely passed as arguments to `enrich.sh`. These flaws allow for potential Remote Code Execution if untrusted input containing shell metacharacters is processed by the agent. No evidence of intentional malicious behavior or data exfiltration was found, classifying these as vulnerabilities rather than outright malice.
- External report
- View on VirusTotal