Back to skill
Skillv2.0.0
VirusTotal security
News Briefing · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:51 AM
- Hash
- 0d6e36dea0041ebd9ceeab06994a20eaef1697a47f417fbe810d37d5403971d4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: news-briefing Version: 2.0.0 The skill bundle provides legitimate news briefing functionality but contains significant security vulnerabilities. Multiple scripts (fetch-news.mjs, news-digest.mjs) use 'child_process.execSync' to construct shell commands via string concatenation with user-supplied inputs (like 'topic'), creating a high risk of shell injection. While the behavior aligns with the stated purpose of fetching news via Perplexity and sending Feishu cards, the lack of input sanitization and the use of hardcoded system paths in 'gen-cover.mjs' are risky practices.
- External report
- View on VirusTotal