Back to skill
Skillv2.0.1
VirusTotal security
Trivia Quiz · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:02 AM
- Hash
- 623d1d6ac69a8b8b1e0e892242ad4445a83c6f882574d58fc723ddeb69530835
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: trivia-quiz Version: 2.0.1 The skill bundle contains a shell injection vulnerability in 'scripts/trivia.sh' due to an unquoted variable '$INPUT' being passed directly to a python3 command line. This allows for arbitrary command execution if a user or agent provides input containing shell metacharacters (e.g., 'play 5; touch /tmp/pwned'). While the primary logic in 'scripts/script.sh' and the instructions in 'SKILL.md' appear benign and aligned with the stated purpose of a study assistant, this vulnerability represents a significant security risk.
- External report
- View on VirusTotal