Back to skill
Skillv1.0.0
VirusTotal security
log-polish-enus-images · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 23, 2026, 1:11 PM
- Hash
- 13dfd14c1df557ded2e078dd2a665b3407cbd360caefcdaaf7d6866b1b6116dd
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: log-polish-enus-images Version: 1.0.0 The skill bundle contains several shell injection vulnerabilities in the SKILL.md workflow, specifically where user-provided inputs like 'draftPath' and 'outputDir' are used directly in shell commands (e.g., 'mkdir -p', 'cat', and 'echo'). Additionally, the 'polish_content' step contains logic that effectively deletes the original blog content and replaces it with a generic hardcoded template, which is destructive behavior for a tool intended to 'polish' text. While these issues represent significant security flaws and poor implementation, there is no clear evidence of intentional malice, such as data exfiltration or backdoor persistence.
- External report
- View on VirusTotal