Back to skill
Skillv3.0.0
VirusTotal security
Dockerfile Builder · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:53 AM
- Hash
- 9255251577c246ee3a1a1a3357a99ea6ab0ed6c619a688ce100181446595c460
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: dockerfile-builder Version: 3.0.0 The script `scripts/script.sh` contains shell injection vulnerabilities due to unquoted variables being passed directly to commands like `grep` and `awk` (e.g., `grep -n 'latest' $2`). Furthermore, the script has broken argument logic where functions incorrectly reference `$2` instead of `$1` after the command shift in the `main` function, rendering the tool largely non-functional. While there is no evidence of intentional malice or data exfiltration, the lack of input sanitization and poor code quality present a security risk.
- External report
- View on VirusTotal