Back to skill
Skillv1.0.0
VirusTotal security
Mental Health Booking · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:59 AM
- Hash
- 22a3243a7f798feeb3b8784ba61a11a5979e461918be60fc0a9fa2bb6a39da0d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mental-health-booking Version: 1.0.0 The skill facilitates mental health appointment bookings by collecting sensitive PII (Name, DOB, Email, and Insurance IDs) and transmitting it to a third-party API (rx.helloklarity.com). While the behavior is aligned with the stated purpose and includes safety features like a crisis check in SKILL.md, the script 'scripts/booking-api.sh' contains a potential command injection vulnerability where the 'carrier' argument is unsafely passed into a python3 execution string. This flaw could allow a malicious user to execute arbitrary code on the agent's host system via the insurance carrier input field.
- External report
- View on VirusTotal