Back to skill
Skillv1.0.1
VirusTotal security
Legal Site Generator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:56 AM
- Hash
- 3165caeb8d9a591e3cda3cbeb209eef0a3fe08707303e452fddfac29701ffedd
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: legal-site-generator Version: 1.0.1 The skill is classified as suspicious due to a Cross-Site Scripting (XSS) vulnerability in the generated output. The `handler` function in `skill.js` directly embeds `input.appName` and `input.contactEmail` into the `dist/index.html` file without proper HTML sanitization. While the file defines a `sanitize` function and uses it in other document generation functions, the primary `handler` fails to apply it to the `index.html` it actually creates, making the output vulnerable to XSS if malicious input is provided for these parameters.
- External report
- View on VirusTotal