Back to skill
Skillv1.0.0
VirusTotal security
Competitor Analyzer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:29 AM
- Hash
- 683c300b236c482b484fac86e5ecce5c9f9771286798075e53dcb1a09eca154b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: shelly-competitor-analyzer Version: 1.0.0 The `analyze.sh` script contains a shell injection vulnerability within its `search` function. The `python3 -c "import urllib.parse; print(urllib.parse.quote('$query'))"` command is susceptible to arbitrary code execution if the `$query` variable (derived from user input) contains unescaped single quotes, leading to a potential Remote Code Execution (RCE) risk. While this is a critical vulnerability, there is no clear evidence of intentional malicious behavior such as data exfiltration or persistence, aligning it with a 'suspicious' classification rather than 'malicious'.
- External report
- View on VirusTotal