Back to skill
Skillv0.1.0
VirusTotal security
SemanticScholar Search Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:39 AM
- Hash
- cd65733d713e556aaa1c2161a5da7359b319a420db537e833b7c943c5f268b1b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: semanticscholar-search-skill Version: 0.1.0 The skill's core functionality for searching Semantic Scholar is benign. However, the `semantic_scholar_search.py` script contains a path traversal vulnerability: the `--output` argument, which allows users to specify a file path for results, does not sanitize the input. This means an attacker could potentially write benign JSON data to arbitrary file locations (e.g., `../../../../tmp/output.json`), leading to unauthorized file modification or denial of service, although not direct code execution or data exfiltration with malicious content.
- External report
- View on VirusTotal