Skill v1.1.0

VirusTotal security

cross-ref · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:19 AM
Hash
3ce9a5dd38b937511ef0ea4fbfc135cabf93010155babc7c2fc86c1f65d7bd84
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: cross-ref
Version: 1.1.0

The skill is classified as suspicious because of a potential shell injection in the verification subagent's prompt. The subagent is instructed to "Run these via bash" with `gh` commands that interpolate `{number}` and `{owner/repo}` from parsed JSON (SKILL.md). The main scripts (`fetch-data.sh`, `post-comments.sh`) validate the `owner/repo` parameter, but the subagent's prompt does not explicitly instruct the agent to sanitize these values before execution. If the agent constructs the command naively, or if the input JSON (`results-unverified.json`) is maliciously crafted, this is a risk of arbitrary command execution.

SKILL.md also contains a strong prompt injection vector: it instructs the agent to prioritize `references/principles.md` ("Those rules override everything in this file when there's a conflict"). The current content of `principles.md` is benign.

The overall intent of the skill appears benign, focusing on repository maintenance with responsible API usage.
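The injection pattern the Code Insight note describes, as an added example that is not the cross-ref skill's or OpenClaw's own code: a naive construction pastes `{number}` and `{owner/repo}` into a command string that a shell re-parses, beside a hardened form that validates both values and passes them to `gh` as separate arguments. `echo` stands in for `gh` so the demo is harmless and runs offline, the `--json state` flag choice and the sample entries (constructed stand-ins for rows parsed out of `results-unverified.json`) are assumptions, and the hardened function prints its argv instead of executing it.

```shell
#!/bin/sh
# Added example, not code from the cross-ref skill or OpenClaw. Sample inputs,
# field layout and the `--json state` flag are assumptions for illustration.
set -eu

# Allow only a GitHub slug of the form owner/name: both halves drawn from
# [A-Za-z0-9_.-], exactly one slash, neither half empty.
valid_repo() {
  case "$1" in
    *[!A-Za-z0-9_./-]*) return 1 ;;   # character outside the allow-list
    */*/*)              return 1 ;;   # more than one slash
    /*|*/)              return 1 ;;   # empty owner or empty name
    */*)                return 0 ;;   # exactly one slash, both sides present
    *)                  return 1 ;;   # no slash at all
  esac
}

# Allow only a positive decimal integer with no leading zero.
valid_number() {
  case "$1" in
    ""|*[!0-9]*|0*) return 1 ;;
    *)              return 0 ;;
  esac
}

# Naive construction (the pattern the report warns about): the values become
# part of a command string that a second shell parses, so `;`, `$(...)` and
# backticks inside them are executed. `echo` replaces `gh` for a safe demo.
naive_view() {
  repo="$1"; number="$2"
  sh -c "echo gh issue view ${number} --repo ${repo}"
}

# Hardened construction: reject anything that is not a slug or a number, then
# hand each value to the command as its own argument. The argv is printed one
# element per line rather than executed so it can be inspected and tested.
build_gh_view() {
  repo="$1"; number="$2"
  valid_repo "$repo"     || { echo "rejected repo: $repo" >&2; return 1; }
  valid_number "$number" || { echo "rejected number: $number" >&2; return 1; }
  printf '%s\n' gh issue view "$number" --repo "$repo" --json state
}

# Constructed stand-in for entries parsed out of results-unverified.json:
# one "owner/repo<TAB>number" pair per line, including two hostile ones.
SAMPLE_RESULTS=$(printf 'octo/repo\t42\nocto/repo; echo INJECTED\t7\ngood/name\t12; id\n')

# Walk the sample entries and count how many the hardened path accepts.
# Prints "accepted=N rejected=M" to stdout.
vet_results() {
  accepted=0; rejected=0
  tab=$(printf '\t')
  while IFS="$tab" read -r repo number; do
    if build_gh_view "$repo" "$number" >/dev/null 2>&1; then
      accepted=$((accepted + 1))
    else
      rejected=$((rejected + 1))
    fi
  done <<EOF
$SAMPLE_RESULTS
EOF
  echo "accepted=$accepted rejected=$rejected"
}

# Stand-alone demo: show the injection, then the hardened path on the same input.
echo '--- naive: the injected text runs as its own command ---'
naive_view 'octo/repo' '42; echo INJECTED'
echo '--- hardened: hostile input rejected, clean input becomes argv ---'
build_gh_view 'octo/repo' '42; echo INJECTED' || true
build_gh_view 'octo/repo' '42'
vet_results
```

The point for this skill is where the check lives: the validation in `fetch-data.sh` and `post-comments.sh` protects only the commands those scripts build, so a subagent told in prose to run `gh` itself gets none of it unless the values are vetted in the script it is handed, as above, rather than in the prompt.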