Back to skill
Skillv1.0.0
VirusTotal security
Scholar Research · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:44 AM
- Hash
- 63a7b04c1180278d42bcf5bb0b4730c6c8a700ff6b6fc14c0970ca58a3e5c3a6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: scholar-research Version: 1.0.0 The skill is classified as suspicious due to its use of `subprocess.run` to invoke external binaries (`pdftotext`, `pdfimages`) for processing untrusted PDF files downloaded from the internet. While the `subprocess.run` calls are structured to prevent direct shell injection by passing arguments as a list, processing untrusted input with external tools introduces a vulnerability surface. A maliciously crafted PDF could potentially exploit vulnerabilities in `pdftotext` or `pdfimages`, leading to arbitrary code execution or other system compromises. This represents a significant vulnerability risk, though not clear evidence of intentional malicious behavior by the skill developer.
- External report
- View on VirusTotal