Back to skill
Skillv1.0.0
VirusTotal security
MONK-EYE Engine · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:27 AM
- Hash
- 14aca879bc9255842331663fb473af9765260f1f875797f1418dce753d347b65
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: monk-eye-engine Version: 1.0.0 The skill is classified as suspicious due to two main vulnerabilities. First, `scripts/oracle_engine.py` hardcodes a path to `forums.json` within a *different* skill's directory (`/root/.openclaw/workspace/skills/global-forum-oracle/forums.json`), creating a dependency vulnerability where a compromised or malicious external skill could dictate search targets. Second, `scripts/oracle_engine.py` constructs search queries using unsanitized user input (`user_query`) in the format `site:{domain} {user_query}`. While the script only prints these queries, if a downstream component (like the OpenClaw agent or a search tool) executes these strings without proper sanitization, it could lead to command injection.
- External report
- View on VirusTotal