Back to skill
Skillv0.6.3
VirusTotal security
Pylinter Assist · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 30, 2026, 3:06 PM
- Hash
- c5d76e7b41d35bf0a985136cbc1a8b10a83db76da5c9b6611643f5a08f6254da
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pylinter-assist Version: 0.6.3 The skill is a Python linting utility that integrates with GitHub Actions and includes a monitoring feature for workflow artifacts. It contains a potential 'Zip Slip' vulnerability in 'pylinter_assist/github_actions.py' where it uses 'zipfile.extractall()' on downloaded artifacts without validating file paths, which could allow arbitrary file writes if a malicious repository is monitored. Additionally, the 'monitor' command in 'pylinter_assist/cli.py' facilitates sending lint reports to external endpoints (Telegram, Discord, Slack) via user-provided webhooks. While these capabilities are aligned with the stated purpose and the documentation includes security warnings, the lack of input sanitization during ZIP extraction and the handling of secrets via CLI arguments meet the criteria for a suspicious classification.
- External report
- View on VirusTotal