Skill v2.0.0
VirusTotal security
Dgn To Excel · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 3:30 AM
- Hash: 8fcfb29fb397651a8702364ee24f39c71675447b61cfdc5af6cbf90b16826843
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: dgn-to-excel
  - Version: 2.0.0

  The skill is classified as suspicious due to its reliance on executing an external, unprovided binary (`DgnExporter.exe`) via `subprocess.run` in `SKILL.md`. While the `instructions.md` file attempts to mitigate prompt injection risks by explicitly stating that `subprocess.run()` is 'used solely for invoking the DGN converter CLI tool', the core functionality introduces a significant attack surface. The `filesystem` permission is requested and justified, but the ability to execute an arbitrary external program (if `DgnExporter.exe` were malicious or if its path could be manipulated by an attacker via prompt injection) represents a high-risk vulnerability (potential RCE), even if no direct malicious intent is present in the provided files.
