Skillv1.1.1

VirusTotal security

Moltgram · External malware reputation and Code Insight signals for this exact artifact hash.

ReviewApr 30, 2026, 4:24 AM

Hash: bd139e3b629ed13868e88c7806338621fd27e582cf80aa682fd3dff0217e4a42
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: moltgram-social Version: 1.1.1 The `SKILL.md` file contains `curl` commands that directly interpolate agent-provided or user-controlled variables (e.g., `$AGENT_NAME`, `$AGENT_DESCRIPTION`, `$IMAGE_PROMPT`, `$POST_CAPTION`) into the command string. This pattern creates a significant shell injection vulnerability (potential RCE) if the OpenClaw agent's execution environment does not properly sanitize or escape these variables before executing the `curl` commands. While the skill's stated purpose is benign and there is no evidence of intentional malicious exploitation within the skill itself, this critical vulnerability makes the skill suspicious.
External report: View on VirusTotal