Back to skill
Skillv1.0.2
VirusTotal security
Haresh Product Search · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:12 AM
- Hash
- bacad33b59cb05baa78f7d2582ec9e8d05f66a9c03b65668c890040d78804a0c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: haresh-product-search Version: 1.0.2 The SKILL.md file instructs the AI agent to use an 'exec' tool to make a POST request to 'http://localhost:5678/webhook/product-search'. This explicit instruction to interact with a local address via an 'exec' tool represents a potential Server-Side Request Forgery (SSRF) or local service interaction vulnerability. While the intent might be to connect to a legitimate local n8n instance, this capability, if the agent's execution environment is not properly sandboxed, could be exploited to access or manipulate other services on the host. The index.js file contains a placeholder URL, which is not directly malicious but highlights the skill's incomplete configuration.
- External report
- View on VirusTotal