Back to skill
Skillv1.0.0
VirusTotal security
Academic Formula Converter · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 4:13 AM
- Hash
- 792786860466ed42a7873189cf68b92570da63acc6f637223d1ffca7f8b00835
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: academic-formula-converter Version: 1.0.0 The skill bundle's primary function is benign, converting LaTeX formulas. However, the `formula_converter.py` script contains a local file read vulnerability: it attempts to embed images from paths specified in the input Markdown (`doc.add_picture(img_match.group(2))`). While `os.path.exists` is checked, an attacker controlling the Markdown input could potentially specify arbitrary file paths, leading to attempts to read sensitive files. Although a `try...except: pass` block handles errors, the underlying capability to attempt access to arbitrary local files makes the skill suspicious, as it could be exploited for information disclosure.
- External report
- View on VirusTotal