Back to skill
Skillv1.0.0
VirusTotal security
X Alpha Scout · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:44 AM
- Hash
- 85fa22814f3380a9bbc53658f98eff65f32ffc91481966ca50f6043faa728e3a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: x-alpha-scout Version: 1.0.0 The skill is classified as suspicious due to a critical shell injection vulnerability identified in `SKILL.md`. The agent is instructed to execute `bird search` commands using unsanitized user input (e.g., `bird search "$TICKER"`). This allows a malicious user to inject arbitrary shell commands, potentially leading to Remote Code Execution (RCE) on the host system. While the `scripts/parse_calls.py` script is benign and no explicit malicious intent (like data exfiltration to unauthorized endpoints or persistence mechanisms) is found in the skill's design, the presence of this severe vulnerability makes the skill high-risk.
- External report
- View on VirusTotal