Back to skill
Skillv1.0.0
VirusTotal security
Data Cleaning & Annotation Workflow · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:14 AM
- Hash
- 6e34f961d701fec2cf750e3f61c24187794403a00cdb9cf66f1b61d0ff4431a0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: data-cleaning-annotation-workflow Version: 1.0.0 The skill's stated purpose of data cleaning and annotation is benign. The `scripts/clean_dataset.py` file performs standard data processing operations without suspicious behavior. However, the `scripts/download_kaggle.sh` script directly uses user-provided arguments (`$DATASET_NAME`, `$OUTPUT_DIR`) in shell commands (`kaggle datasets download -d "$DATASET_NAME"`, `mkdir -p "$OUTPUT_DIR"`, `cd "$OUTPUT_DIR"`) without explicit sanitization, creating a shell injection vulnerability. While not intentionally malicious, this vulnerability makes the skill 'suspicious' as it could be exploited by a malicious agent or crafted input.
- External report
- View on VirusTotal