Back to skill
Skillv1.0.1
VirusTotal security
Publish & Share HTML games · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:41 AM
- Hash
- 359bf85adb29d3472eaf49b92f730389d988c34c56ba1806a481028ec0ad5fd5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: paperbox Version: 1.0.1 The paperbox skill is classified as suspicious due to a high risk of shell injection vulnerabilities. The instructions in SKILL.md suggest using `run_terminal_cmd` with `curl` to POST potentially large and unsanitized HTML strings to an external API (https://paperbox-beta.vercel.app/api/games), which could lead to arbitrary command execution if the agent does not properly escape the content. While the outbound network permissions and credential handling for `PAPERBOX_API_KEY` in `clawhub.json` are aligned with the stated purpose of hosting web projects, the recommended implementation method is a significant security flaw.
- External report
- View on VirusTotal