Skill v1.0.0
VirusTotal security
Notify Tool · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 10:21 PM
- Hash: 444e4a2625deff4f0277a516fae941ee5597b09b944cba765359c52e1164c849
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: notify-tool. Version: 1.0.0. The script `scripts/notify.py` contains a critical shell injection vulnerability because it uses `os.system` to execute the `notify-send` command with unsanitized user input (`title` and `message`). While the tool's functionality aligns with its stated purpose of sending desktop notifications, the lack of input validation allows for arbitrary command execution if malicious strings are passed to the tool.
