Back to skill
Skillv2.0.0
VirusTotal security
Mentx Doctor 医疗助手 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:47 AM
- Hash
- 5d09c5aec031b15b4dcd46e77b52cefeabc2ed575ac691b44013f6e02b2dff5e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mentx-doctor Version: 2.0.0 The skill bundle contains a critical shell injection vulnerability in `scripts/mentx-api.sh`. User-supplied medical descriptions and messages are passed as command-line arguments and expanded within a shell heredoc without sanitization, allowing for arbitrary command execution (RCE) on the host system. While the script's logic and the instructions in `SKILL.md` appear aligned with the stated purpose of medical reporting via `developer.mentx.com`, the implementation is dangerously insecure and allows for potential exploitation by a user providing crafted input.
- External report
- View on VirusTotal