Back to skill
Skillv1.0.0
VirusTotal security
n8n Builder · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:46 AM
- Hash
- 62c126d00ad38bcfb23b984bc2336411fc60c8b888af14f59599ee6540e7fef9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: n8n-builder Version: 1.0.0 The skill bundle is classified as suspicious due to a critical shell injection vulnerability in `scripts/n8n-api.sh`. The script directly uses unsanitized arguments (`$2`, `$3`) as file paths for `curl -d @`, which can be exploited via prompt injection against the AI agent to execute arbitrary commands on the host system (RCE). This vulnerability, combined with the agent's ability to create and manage n8n workflows (which can perform sensitive operations like arbitrary code execution, HTTP requests, and database interactions), poses a significant security risk.
- External report
- View on VirusTotal