Back to skill
Skillv1.0.0
VirusTotal security
Data Intelligence · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:28 AM
- Hash
- 256dc036d506ca91ede2a410573a77c12803aba2e974fcdf7406b003ee1dd091
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: data-intelligence Version: 1.0.0 The skill bundle provides a framework for data scraping and competitive intelligence using Apify and PinchTab. It contains shell scripts (scripts/data-collection.sh and scripts/competitor-monitor.sh) that are vulnerable to shell injection because they directly embed user-provided arguments into command strings. Additionally, the installation instructions in skill.md and README.md recommend high-risk patterns, specifically 'curl | bash' for installing PinchTab (from pinchtab.com) and global npm installations. While these behaviors are consistent with the stated purpose of the skill, they represent significant security vulnerabilities and high-risk execution patterns.
- External report
- View on VirusTotal