Back to skill
Skillv1.0.0
VirusTotal security
Health Check · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 29, 2026, 10:31 AM
- Hash
- 80a054205c66ff7d78faeaab298c7715460ffd819223e14007af088267e17d41
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hsyhp-healthcheck Version: 1.0.0 The skill implements health tracking using Node.js one-liners in SKILL.md that directly embed user-provided values (e.g., 'CUPS') into shell-executed code. This pattern introduces a code injection vulnerability, as a malicious user could potentially provide input that executes arbitrary JavaScript or shell commands. While the logic is aligned with the stated purpose and no evidence of intentional malice or data exfiltration was found, the insecure handling of input templates is a high-risk vulnerability.
- External report
- View on VirusTotal