Back to skill
Skillv0.4.0
VirusTotal security
Slither Audit · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:15 AM
- Hash
- a338a82d4f0360ee87200b6926ad6dd8ce732acd4c1cb3edc4b17a2fe6a7c111
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: slither-audit Version: 0.4.0 The `slither-audit.py` script executes the `slither` command using `subprocess.run` with a user-provided `contract_path`. While `subprocess.run` with a list of arguments mitigates direct shell injection, passing user-controlled input directly to an external command introduces a potential command/argument injection vulnerability, which could lead to Remote Code Execution (RCE) if the `slither` tool or the underlying system is exploitable. This is a significant vulnerability, but there is no clear evidence of intentional malicious behavior (e.g., data exfiltration, persistence, or explicit harmful instructions), thus classifying it as 'suspicious' rather than 'malicious'.
- External report
- View on VirusTotal