Back to skill
Skillv2.0.1
VirusTotal security
Partycraft · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 6:16 AM
- Hash
- da8968c316f290a29ac97bb12d4b4fbc6f92635ce3695e22808c3ba76fb718ef
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: partycraft Version: 2.0.1 The skill bundle contains a critical Python injection vulnerability in `scripts/script.sh`. Shell variables (such as event names, dates, and task descriptions) are directly embedded into Python heredocs without sanitization, allowing for arbitrary Python code execution (RCE) via crafted inputs. While the tool's logic for event planning appears legitimate and there is no evidence of intentional data exfiltration or backdoors, the insecure implementation of data handling poses a significant security risk.
- External report
- View on VirusTotal