Back to skill
Skillv0.2.3
VirusTotal security
Med Info · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:48 AM
- Hash
- 79b76d67f0c57a26597f6d95b70f7b64e5aeeeb13ea3c736831de02485f74915
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: med-info Version: 0.2.3 The skill is classified as suspicious due to the presence of high-risk capabilities, specifically the execution of an external binary (`pdftotext`) via `subprocess.run` in `scripts/med_info.py` and extensive network interactions with numerous external APIs. While these capabilities are plausibly needed for the stated purpose (parsing NIOSH PDF, fetching drug info) and appear to be implemented with input sanitization and safe `subprocess.run` arguments, they inherently introduce a broader attack surface and elevate the risk profile beyond a benign classification. The `SKILL.md` and `findings.md` also acknowledge past 'Suspicious' flags related to query injection, which the developers claim to have mitigated.
- External report
- View on VirusTotal