Skill v1.0.0
VirusTotal security
Research Paper Portal · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · Mar 23, 2026, 3:36 AM
- Hash: ac99dd2e87ea0269389e66c142bccef694a8015534608aa80832cd0e0f477f97
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: research-paper-portal; Version: 1.0.0. The skill bundle contains a significant shell injection vulnerability in 'scripts/update-papers.py'. The script uses 'subprocess.run' with 'shell=True' to execute an LLM command, incorporating paper titles and abstracts fetched from external APIs (OpenAlex and arXiv) directly into the shell string. This could allow for Remote Code Execution (RCE) if a processed paper contains malicious characters. While this is a critical security flaw, there is no clear evidence of intentional malice, data exfiltration, or hidden backdoors; the overall functionality aligns with the stated purpose of creating a research paper portal.
