Skill v0.1.0

VirusTotal security

Tdd Helper · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review
Apr 30, 2026, 4:07 AM
Hash
7a3271176a22adde692539fec0f930114cab299e5e51faf94d7ed8dc335a6b90
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: agents-skill-tdd-helper
Version: 0.1.0

The `tdd.py` script contains multiple critical shell injection vulnerabilities. It uses `subprocess.run(..., shell=True)` to execute user-controlled input from command-line arguments (`--run`, `--tests`) and environment variables (`TEST_CMD`, `LINT_CMD`). This allows for arbitrary command execution on the host system, posing a significant Remote Code Execution (RCE) risk. While this is a severe vulnerability, there is no evidence of intentional malicious behavior (e.g., data exfiltration, backdoor installation) within the script itself, aligning it with a 'suspicious' classification rather than 'malicious'.