Back to skill
Skillv1.0.0
VirusTotal security
Landing Page Generator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:23 AM
- Hash
- dcc67439fab1e6c6794c29aaaebb1e9feae547ab5e1a28258200899a495fad61
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: shelly-landing-gen Version: 1.0.0 The `generate.sh` script directly embeds user-provided arguments (`PRODUCT`, `TAGLINE`, `DESC`) into the generated HTML output without any sanitization or escaping. This creates a Cross-Site Scripting (XSS) vulnerability in the resulting HTML page, allowing a malicious user to inject arbitrary HTML or JavaScript. While the script itself does not exhibit malicious intent, this lack of input sanitization in `generate.sh` is a significant vulnerability that could be exploited downstream.
- External report
- View on VirusTotal