Back to skill
Skillv2.0.2
VirusTotal security
Ai Code Helper · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 6:09 AM
- Hash
- 87ead23fec2408cb61e09dce9e30e3c45ba9b344cda2d0a1940c0d7c35e246b4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-code-helper Version: 2.0.2 The skill is a logging utility for tracking AI agent activities, but it contains vulnerabilities in the `search` and `export` commands within `scripts/script.sh`. The `_search` function is vulnerable to option injection (e.g., passing `-f /etc/passwd` as a search term), which could allow unauthorized file reading, and the `_export` function lacks proper escaping when generating JSON, leading to potential data corruption or injection if log entries contain special characters.
- External report
- View on VirusTotal