Back to skill
Skillv1.0.4
VirusTotal security
Noticias Cangrejo · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:02 AM
- Hash
- 6a743873278b3a1ec3e2794e355974d34aabf4227990290987b588bca31d853d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: noticias-cangrejo Version: 1.0.4 The skill's core functionality is benign, fetching and summarizing news. However, the `scripts/fetch_news.py` script is vulnerable to path traversal via the `--output` argument. It allows writing the news summary to an arbitrary file path without sanitization, which could enable an attacker to overwrite or create files in sensitive locations if they can control the input to this argument. This is a significant vulnerability, but there is no evidence of intentional malicious behavior within the script itself.
- External report
- View on VirusTotal