Skill v1.0.0

VirusTotal security

Describe requirements in natural language → automatically generate a requirements document → open the editor · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious
Apr 30, 2026, 5:06 AM
Hash
f27dafec53d7c61e528ad57771f0c422f36d1657356df374c8199ae05441e2a6
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: coder-helper
Version: 1.0.0
The skill is designed to generate a requirement document and open it in a text editor, but it contains a shell injection vulnerability in agent.py. Specifically, the open_editor function uses subprocess.Popen with shell=True on variables derived from the environment and file system, which could allow for arbitrary command execution if paths are manipulated. While the intent appears to be a benign developer utility, the insecure implementation of system calls poses a security risk.