Back to skill
Skillv1.0.1
VirusTotal security
酒店采购价格监控 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 20, 2026, 8:21 AM
- Hash
- afa81dfb6bd0e6ff85c81514bb432b5e424a6afd636dac48214a80a2d25e342c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hotel-procurement-price-check Version: 1.0.1 The skill bundle is designed for hotel procurement price comparison across various Chinese agricultural and e-commerce platforms. However, it is classified as suspicious due to a command injection vulnerability in 'scripts/query-prices.sh' and 'scripts/price-checker.sh'. The scripts pass the user-provided '$PRODUCT' variable directly into shell command strings (e.g., within web_search calls) without any input sanitization or proper escaping. While the stated intent is benign, this flaw allows an attacker to execute arbitrary shell commands within the agent's execution environment by providing a crafted product name.
- External report
- View on VirusTotal