Skillv1.1.0

VirusTotal security

Sop Architect · External malware reputation and Code Insight signals for this exact artifact hash.

ReviewMay 1, 2026, 4:49 AM

Hash: dd57380a035d4a271fd9ca6f2f1be0f30c3b8662b4bf9f1eeb1ec8fe1c969e54
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: sop-architect Version: 1.1.0 The `scripts/generate_sop.sh` file contains a shell injection vulnerability. The unquoted use of `$TASK_NAME` in the `echo "# SOP: $TASK_NAME" > "$FILE"` command allows for command substitution. If the `TASK_NAME` argument (derived from user input by the agent) contains constructs like `$(command)`, the embedded command will be executed, posing a remote code execution risk. This is a vulnerability that allows attacks, classifying it as suspicious rather than malicious due to the lack of clear intent for self-exploitation or other harmful actions within the skill's design.
External report: View on VirusTotal