Back to skill
Skillv1.0.0
VirusTotal security
Feishu Weekly Report Generator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:06 AM
- Hash
- b7c9eb66002d06b501bd9b15c2122d33cfaa6e0534118fa15302e9e93c9f95c4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: feishu-weekly-generator Version: 1.0.0 The skill bundle contains a command injection vulnerability in `scripts/generate-weekly.mjs`. The script uses `execSync` to execute git commands using unsanitized input from the `--git` command-line argument, which could allow arbitrary command execution if a malicious path is provided. While the tool's logic aligns with its stated purpose of generating weekly reports and no evidence of intentional malice or data exfiltration was found, the high-risk use of shell execution without input validation warrants a suspicious classification.
- External report
- View on VirusTotal