Back to skill
Skillv1.0.1
VirusTotal security
geo_skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 30, 2026, 1:16 PM
- Hash
- f986ca181c696b6b09a9c6d04f3b60dff17bf4eb090b2c91b18f2de8665fdae8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: geo-brand-diagnosis Version: 1.0.1 The skill 'geo-brand-diagnosis' (v1.0.1) is classified as suspicious due to shell injection vulnerabilities and insecure credential management within SKILL.md. The instructions direct the AI agent to store user API keys in plain text at ~/.openclaw/geo-api-key and to execute shell commands (curl, echo) that incorporate unsanitized user input, such as brand names and industry types. While the tool's functionality is consistent with its stated purpose of brand diagnosis via geo.htsjgeo.com, these patterns create a high-risk surface for command injection and credential exposure.
- External report
- View on VirusTotal