Back to skill
Skillv1.0.0
VirusTotal security
OpenCC · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:58 AM
- Hash
- 87af95b6679954299cdf7c2b67fc48d897532476e05f07305ae38084bca1c4c8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: opencc Version: 1.0.0 The `scripts/convert.py` file is vulnerable to path traversal. The `--input` and `--output` arguments are directly used in `open()` calls without sanitization, allowing an attacker to read or write to arbitrary file paths (e.g., `/etc/passwd`, `~/.ssh/id_rsa`) on the system if the agent is instructed to use this skill with malicious input. This constitutes a significant file system access vulnerability, though it does not show clear evidence of intentional malicious behavior by the skill itself.
- External report
- View on VirusTotal