Skill v1.0.0
VirusTotal security
Yanji Bus Query · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 5:47 AM
- Hash: a978e554ba6ee45ae44e112c6e2f22929ed8242afa6b7c0a952b30ed4dec9fd9
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: yanjibus; Version: 1.0.0. The skill contains significant command injection vulnerabilities in `yanji-bus.sh`. User-provided arguments, such as station names and line numbers, are directly interpolated into a Python script block and shell commands without sanitization, which could allow for Remote Code Execution (RCE) if a user provides crafted input. While the tool's stated purpose of querying bus data from `bus.yanjibus.com` appears legitimate and there is no evidence of intentional malice, the implementation is highly insecure.
