Back to skill
Skillv0.1.0
VirusTotal security
SAPCONET SSH Bridge · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:44 AM
- Hash
- fd93fd53b78cfa9c9e73614f65fd56fa95dd574a135b994a4531e1d68de67c04
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: sapconet-ssh-bridge Version: 0.1.0 The skill is classified as suspicious due to a remote shell injection vulnerability found in `scripts/msg-sapconet.sh`. The script directly interpolates the `$MESSAGE` argument into the remote SSH command string without proper sanitization, allowing an attacker to execute arbitrary commands on the `SAPCONET_TARGET` host if they can control the `MESSAGE` input. While the script is presented as a template with 'TODO' placeholders, this lack of input sanitization constitutes a significant security flaw, even without clear evidence of intentional malice.
- External report
- View on VirusTotal