Back to skill
Skillv0.2.0
VirusTotal security
Route between two locations · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:05 AM
- Hash
- 49809fa13941465994b02a932f92bd9a55d93c1542a4802782d711eeea346e67
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: camino-route Version: 0.2.0 The skill bundle is designed for legitimate routing functionality, using `curl` and `jq` to interact with the `api.getcamino.ai` service. However, the `scripts/route.sh` file constructs URL query parameters directly from user-supplied JSON input without explicit URL encoding. While the `curl` command's double-quoting mitigates direct shell injection, this lack of input sanitization for URL parameters (e.g., if input values contain `&` or `=`) is a vulnerability that could lead to malformed API requests or unexpected behavior, classifying it as suspicious rather than benign.
- External report
- View on VirusTotal