Back to skill
Skillv1.0.0
VirusTotal security
PrivateBin Upload Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:47 AM
- Hash
- a62fd8340f4f58bedf814aef64ed6c1a49a05cb13edd289f0927eb0192264f59
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: privatebin-upload Version: 1.0.0 The skill's instructions in SKILL.md for executing `privatebin-cli` commands (specifically in 'Step 4. Run upload') involve constructing shell commands using user-provided or inferred content (e.g., `<content>`, `/path/to/file`, `--password=secret`). This direct substitution without explicit sanitization instructions creates a high risk of shell injection if the AI agent does not properly escape shell metacharacters in user-controlled input. This is a critical vulnerability that could lead to arbitrary command execution, but there is no clear evidence of intentional malicious behavior by the skill author.
- External report
- View on VirusTotal