Back to skill
Skillv1.3.0
VirusTotal security
Bring Rezepte · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:54 AM
- Hash
- 2a614629d886be0ee88bc3543cc2b9392fad2cf0c41ff81af7c1f4fc9bef5e58
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: bring-rezepte Version: 1.3.0 The skill's code and instructions align with its stated purpose of managing Bring! shopping lists and recipes, with strong emphasis on user consent. However, it is classified as 'suspicious' due to potential vulnerabilities. Specifically, `scripts/bring_list.js` uses `fetch` with a user-controlled `--content-url` argument, which could lead to Server-Side Request Forgery (SSRF) if the OpenClaw agent does not strictly validate the URL. Additionally, the `loadBring()` function in both Node.js scripts allows loading the `bring.js` library from an arbitrary path specified by `BRING_NODE_API_PATH`, posing a risk if this environment variable is compromised. These are vulnerabilities that could be exploited, rather than explicit malicious intent within the skill's logic or instructions.
- External report
- View on VirusTotal