Back to skill
Skillv1.0.0
VirusTotal security
AI Songwriter (Clone) · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:09 AM
- Hash
- 23a85fa70e306ba7b81e606f9c9809d3f3a4b3d35b26f0a34e7512d0e8c21c81
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-songwriter-clone Version: 1.0.0 The skill facilitates automated music generation via the Suno API but contains a shell injection vulnerability in SKILL.md. The instructions direct the agent to execute a shell command using 'node' where arguments (song title and lyrics) are passed without sanitization, potentially allowing arbitrary command execution if the generated content contains shell metacharacters. While the script scripts/generate_suno.js appears to be a legitimate implementation for the kie.ai API, the execution pattern in the markdown instructions is high-risk.
- External report
- View on VirusTotal