Back to skill
Skillv1.0.0
VirusTotal security
Taizi Claw Shell · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:32 AM
- Hash
- 454620fa6794e6413ce490213c680d4d69e4c6f3148c954c6526158b56c15ff0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: taizi-claw-shell Version: 1.0.0 The skill provides a tool to execute arbitrary shell commands within a persistent tmux session. It is classified as suspicious due to a command injection vulnerability in handler.js, where the sendCommand function fails to sanitize shell metacharacters (e.g., backticks or dollar signs) before passing them to execSync. While the skill includes a basic safety blacklist (isDangerous) and instructions in SKILL.md to avoid destructive commands, the implementation is inherently high-risk and lacks robust input validation.
- External report
- View on VirusTotal