Back to skill
Skillv1.0.0
VirusTotal security
Skill 2 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:22 AM
- Hash
- d29b700bbf6048e80b4e3287718ab81f0a0d3773e867d0e6831ee55071524919
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skill-2 Version: 1.0.0 The `main.py` script contains a Cross-Site Scripting (XSS) vulnerability. User-provided URLs in Markdown links and images (e.g., `[text](url)` or ``) are directly inserted into the output HTML's `href` and `src` attributes without proper sanitization. This allows an attacker to inject `javascript:` URLs, leading to arbitrary JavaScript execution when the generated HTML is viewed, making the skill's output potentially malicious.
- External report
- View on VirusTotal