Skill v1.0.0
VirusTotal security
JobTread Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 3:55 AM
- Hash: bae82aadc8b34219500832b584601bb5af58e641bb02b9b5e6145843f0aa4d67
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: jobtread-api; Version: 1.0.0. The skill is classified as suspicious due to its explicit instruction for the AI agent to use OpenClaw's `exec` tool for `curl` commands, as detailed in `SKILL.md`. While `curl` is necessary for API interaction, the `exec` tool grants arbitrary command execution capabilities, posing a significant shell injection vulnerability risk if user inputs are not rigorously sanitized. Additionally, the skill instructs the agent to read from and write to `~/.config/jobtread/grant_key` for credential management, confirming file system interaction capabilities that, while intended for legitimate purposes, could be exploited via prompt injection to access or modify other files.
