Back to skill
Skillv1.0.3
VirusTotal security
创客贴智能海报设计 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 5:08 AM
- Hash
- 012cac1cf21a8bc6a5e32729fd416795fb6ebb9213c5300e9989b516aaa13411
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ckt-design Version: 1.0.3 The skill facilitates poster design by calling the Chuangkit (创客贴) API (gw.chuangkit.com) and displaying the result. It is classified as suspicious because the instructions in SKILL.md direct the agent to execute shell commands (open, start, or xdg-open) using a URL string retrieved directly from a remote API response without any sanitization. This pattern creates a potential command injection vulnerability if the third-party API were to return a malicious payload, although there is no evidence of intentional malice or data exfiltration.
- External report
- View on VirusTotal