Social Media Scheduler

Type: OpenClaw Skill Name: shelly-social-media-scheduler Version: 1.0.0 The `generate.sh` script is vulnerable to shell injection. User-supplied arguments `TOPIC` and `AUDIENCE` are directly interpolated into `cat << EOF` blocks without proper escaping or sanitization against the here-doc delimiter. If these arguments contain the string `EOF` followed by a newline, it can prematurely terminate the here-doc, allowing arbitrary commands to be executed by the shell, leading to a Remote Code Execution (RCE) vulnerability. While this is a critical flaw, there is no evidence of intentional malicious behavior such as data exfiltration or persistence within the provided files, classifying it as a vulnerability rather than malware.