Back to skill
Skillv1.0.0
VirusTotal security
Wiz Migration · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 24, 2026, 6:06 PM
- Hash
- 334fa2d4e5b52076a79838a8f291239521da24803534f4559509316976b59650
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wiz-migration Version: 1.0.0 The skill is designed for migrating Wiz Note data but contains a significant shell injection vulnerability in `scripts/migrator.py`. The `_run_batch_script` function performs unsafe string replacement of user-provided directory paths into a batch script template, which is then executed using `subprocess.run(shell=True)`. While the tool's functionality aligns with its stated purpose and no evidence of intentional malice or data exfiltration was found, this implementation allows for arbitrary command execution if directory paths are maliciously crafted.
- External report
- View on VirusTotal