Back to skill
Skillv1.0.0
VirusTotal security
URL解析工具 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:06 PM
- Hash
- 8bf7d36097308d56b6cea97a81b8cc5c7e1f134834b2a6a6cce5bfdb2f833f96
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cn-url-parser Version: 1.0.0 The skill provides legitimate URL parsing functionality, but the handler definition in SKILL.md contains a shell injection vulnerability. By using python3 scripts/url_parser.py "<URL>", the skill allows for arbitrary command execution if the input URL contains shell metacharacters (e.g., backticks or semicolons). While the Python script itself is benign and uses standard libraries, the insecure handling of user input in the execution instruction poses a security risk.
- External report
- View on VirusTotal