Back to skill
Skillv1.0.1
VirusTotal security
Approve new channels, and connections to openclaw ui and terminal · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:19 AM
- Hash
- 5ec38a1e79c060b4aad3ef37e1f43256e5df6b4a5d23ba93c43c8cc4950d9c62
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: approvals-ui Version: 1.0.1 This skill bundle is classified as suspicious due to several critical vulnerabilities, primarily the use of weak default credentials and a hardcoded API password in client-side code (channel_approvals.html, index.html), which could lead to unauthorized access and command execution. The `server.py` also uses a weak default Flask secret key, enables `debug=True` and `allow_unsafe_werkzeug=True` (severe RCE risk in production), and sets `cors_allowed_origins="*"` for Socket.IO. Furthermore, user-controlled inputs are passed to `subprocess.run` calls for the `openclaw` CLI, posing a potential shell injection risk. While the `SKILL.md` documentation transparently warns users about changing default credentials and the inherent risk of the full shell access provided by the terminal feature, these are significant flaws that make the system highly vulnerable if the warnings are ignored. There is no clear evidence of intentional malicious behavior like data exfiltration to unauthorized external endpoints or hidden backdoors.
- External report
- View on VirusTotal