Skill v1.0.1

VirusTotal security

blog-polish-enus-images · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious
Mar 23, 2026, 1:51 PM
Hash
37e8741297bb42227a8d42f2f0257f5264b73fba559d36b702e1789fca5fbada
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: blog-polish-enus-images
Version: 1.0.1

The skill bundle contains a significant shell injection vulnerability in SKILL.md. User-provided inputs such as 'draftPath' and 'outputDir' are directly interpolated into shell commands (e.g., 'cat', 'mkdir', and 'echo') without sanitization, which could allow an attacker to execute arbitrary commands or read sensitive files outside the intended workspace. While the logic aligns with the stated purpose of blog polishing and image prompt generation, the insecure handling of file paths and shell execution warrants a suspicious classification.