tulisai
Result: Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: tulisai
Version: 0.1.0
The skill's primary purpose is benign, focusing on managing blog content within a defined directory (`/home/hades/BangunAI-Blog`). However, several shell scripts in SKILL.md and EXAMPLES.md exhibit potential shell injection vulnerabilities. Specifically, the `read` workflow uses `find ... -name "*$FILE*.mdx" | xargs -r cat` and the `Search for Keyword` example uses `find ... -exec grep -l "$KEYWORD" {} \;`. If `$FILE` or `$KEYWORD` is derived from unsanitized user input, an attacker could craft malicious input to execute arbitrary commands, leading to a Remote Code Execution (RCE) risk. While there is no clear evidence of intentional malice (e.g., data exfiltration, backdoors), these vulnerabilities make the skill suspicious.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used carelessly, the agent could overwrite important blog pages or posts.
The examples include shell workflows that overwrite blog pages such as about.mdx and now.mdx. This is aligned with the skill's blog-management purpose, but it can change visible site content.
cat > "$FILE" <<'ABOUTEOF' ... echo "✅ Updated: $FILE"
Review the target filename and generated content before allowing write operations, and use git diff or backups before committing changes.

A mistaken deletion could remove a blog post from the project.
The documentation includes a deletion example using git rm. It is purpose-aligned for blog maintenance and git-tracked, but it is still a destructive content action.
git rm src/content/writing/unwanted-post.mdx
Only run delete or rename workflows after confirming the exact post path, and rely on version control to review and recover changes.

Old or incorrect tasks may be carried forward into new notes and reused by the agent.
The daily-note workflow carries unfinished tasks from a previous daily note into the new one. This is expected for a digital garden workflow, but persistent notes can influence later agent output.
PENDING=$(grep "\- \[ \]" "$LAST_FILE" || true) ... echo "$PENDING" >> "$FILE"
Review rolled-over tasks and logs periodically so outdated or private notes are not unintentionally reused.

A bad MDX file or unintended content may quickly appear in the blog system or break rendering.
The blog automatically imports MDX files placed in the content directories. This is clearly documented and useful, but newly created or malformed content can immediately affect the site build or rendered blog.
index.ts # Content loader (auto-import via import.meta.glob)
Preview locally and validate frontmatter/MDX before publishing or deploying changes.

Users have less information for verifying who maintains the skill or where its canonical source lives.
The skill is instruction-only and shows no code execution payload, but its provenance is not documented in the registry metadata.
Source: unknown; Homepage: none
Install only if you trust the publisher and the documented blog path/workflows match your environment.
