Back to skill
Skillv0.1.0
VirusTotal security
Incident Hotfix · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:00 AM
- Hash
- 80f63b193aeb42a040214a2f1ef1084054b3b3641dbb3fc221fdf4cd17d9c01f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: incident-hotfix Version: 0.1.0 The skill is classified as suspicious due to shell injection vulnerabilities. Specifically, `scripts/start_hotfix.sh` uses the `--base` argument directly in `git checkout "$BASE"` without sanitization, creating a potential command injection risk if an attacker can control this input. Additionally, the `--id` argument, while sanitized for branch names, is used unsanitized in `mkdir -p "docs/incidents/${ID}/evidence"` and for creating other filenames in both `scripts/start_hotfix.sh` and `scripts/capture_evidence.sh`, which could lead to file system manipulation. There is no evidence of intentional malicious behavior like data exfiltration or persistence, and the `env` capture is appropriately filtered.
- External report
- View on VirusTotal