Skill v1.0.0
VirusTotal security
Mineru Pdf · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 3:52 AM
- Hash: 94b5d7f882b841697af58415d99e0eae094ce110d7fc4fa69ed76ad0eb7ea81f
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: mineru-pdf. Version: 1.0.0. The skill is classified as suspicious due to a shell injection vulnerability found in the `test.sh` script. The script directly interpolates the `$PDF_FILE` variable into a Python string executed by `uvx`, which could allow an attacker to inject arbitrary commands if the `PDF_FILE` variable contains malicious characters. While `parse.py` uses `argparse` for robust input handling, the `test.sh` script demonstrates a critical RCE risk pattern. No evidence of intentional malicious behavior (e.g., data exfiltration, persistence, or prompt injection against the agent) was found in other files like `SKILL.md` or `parse.py`.
- External report: View on VirusTotal
