Back to skill
Skillv1.0.0
VirusTotal security
SEO Analyzer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:22 AM
- Hash
- f2d8fa9775bfbafc8cee88b72b6e2bf29f246bf697d1af5d3a3f66716af91875
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: shelly-seo-analyzer Version: 1.0.0 The `seo-analyze.sh` script is vulnerable to shell injection. The `$URL` variable, which can be directly controlled by user input, is passed unsanitized to the `curl` command. This allows an attacker to inject arbitrary shell commands that would be executed by the system running the skill. While this is a critical vulnerability, there is no clear evidence of intentional malicious behavior (e.g., data exfiltration, persistence, or self-exploitation) within the script itself, classifying it as suspicious rather than malicious.
- External report
- View on VirusTotal