Back to skill
Skillv1.0.1
VirusTotal security
Native Sentry · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:27 AM
- Hash
- 787a8c26e5ed5cb7fae162a0b4cd7189f75436309c09d6a09a8308897ad2b64b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: native-sentry Version: 1.0.1 The skill bundle is classified as suspicious due to a potential shell injection vulnerability. While the `sentry_api.py` script itself employs good security practices like PII redaction, `argparse`, and `urlencode` to prevent injection within its own logic, the `SKILL.md` defines commands that take arguments (e.g., `ISSUE_ID`, `EVENT_ID`, `--query`) which, if directly interpolated from unsanitized user input by the OpenClaw agent into the bash command string, could lead to arbitrary shell command execution. This represents a significant vulnerability in the agent's interaction model with the skill, rather than intentional malice within the skill's code itself.
- External report
- View on VirusTotal