Back to skill
Skillv1.0.0
VirusTotal security
Connectors Available · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:42 AM
- Hash
- 6f7b5698ef8f39c7d96dd04716c1070b58aeb647a7d85dd2d05950e4905fe25a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: connectors-available Version: 1.0.0 The skill bundle is classified as suspicious due to critical shell injection vulnerabilities in `scripts/search_token.sh`, `scripts/test_all.sh`, and `scripts/test_connector.sh`. The `--token` argument in `search_token.sh` is directly embedded into a Python script string without proper escaping, allowing arbitrary Python code execution. Similarly, the `$connector` and `$CONNECTOR` variables in `test_all.sh` and `test_connector.sh` are directly embedded into `curl` commands without sufficient shell metacharacter sanitization, enabling arbitrary command execution. These vulnerabilities pose a significant Remote Code Execution risk, even though there's no explicit evidence of intentional malicious behavior or data exfiltration to external endpoints within the provided code.
- External report
- View on VirusTotal