Skill v1.0.0
VirusTotal security
Approval Engine · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Mar 27, 2026, 11:46 AM
- Hash: d03c1ad3a09b67a66e246788391277b89f3e61fd796dccec35960ea8f54c9d9b
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: ssa-approval-engine. Version: 1.0.0. The skill bundle implements a comprehensive business approval and exception handling system with Discord integration. A critical security vulnerability exists in `src/rule-evaluator.js`, where the `evaluateApproverTriggerCondition` function uses `eval()` to process dynamic rule expressions; this could lead to Remote Code Execution (RCE) if an attacker can influence the input context (e.g., quotation data or customer names). While the code appears functionally aligned with its description and lacks clear evidence of intentional malice or data exfiltration, the use of unsafe evaluation logic and the handling of sensitive Discord bot tokens via environment variables pose a significant security risk.
