Back to skill
Skillv1.1.0
VirusTotal security
Rejection Logger · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:49 AM
- Hash
- 539a281e86d3febf89383d0d7922e0d00f244ac651f3fad7ab3b0c263b75d4cf
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: rejection-logger Version: 1.1.0 The skill's stated purpose is benign, aiming to log agent rejections for transparency. However, the `scripts/log_rejection.sh` script is vulnerable to shell injection. It directly uses unsanitized command-line arguments (`$1`, `$2`, `$3`) within an `echo` command that appends to a file. This flaw could allow an attacker to execute arbitrary commands on the system if they can control the input provided to the script by the agent, making it a significant remote code execution risk.
- External report
- View on VirusTotal