Skill v1.0.0
VirusTotal security
Check the latest videos and updates of Bilibili ups and see if they have updated today · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 3:46 AM
- Hash: b3b8e2799950b4899c7ddce0dd9aa5211b09016c3851c46b2695ca519bceea47
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: bilibili-update-viewer; Version: 1.0.0. The skill bundle is classified as suspicious due to a critical shell injection vulnerability. The `SKILL.md` file instructs the OpenClaw agent to execute Python scripts by directly embedding user-provided input (e.g., `用户名`, "username") into shell commands without explicit sanitization (e.g., `python3 {baseDir}/get_mid.py "用户名"`). If the agent does not properly escape or sanitize this input before execution, an attacker could inject arbitrary shell commands, leading to Remote Code Execution (RCE). While the Python code itself appears benign and focused on its stated purpose, this RCE risk stemming from the agent's execution instructions makes the skill suspicious.
