Back to skill
Skillv1.0.0
VirusTotal security
Git Changelog · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:01 AM
- Hash
- 4595ee12deed3e8648a6de9b169549ba4eac1ebb096af73c2e7d5bd4be7922b7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: git-changelog Version: 1.0.0 The skill bundle is designed for a legitimate purpose (generating git changelogs). However, the `SKILL.md` instructions imply the agent will construct `git log` commands using user-provided paths (e.g., for monorepo support: `git log -- path/to/package`). This presents a potential shell injection vulnerability if the user-supplied path is not rigorously sanitized by the agent before execution. While not explicitly malicious, this capability, if exploited, could lead to arbitrary command execution, classifying it as suspicious due to a significant vulnerability risk.
- External report
- View on VirusTotal