Back to skill
Skillv0.1.0
VirusTotal security
kanbon · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:13 AM
- Hash
- 1c5dfcf7e7ed67a73b27aec26ab4a312bc5b0be4623dea574d74c227a07b83cd
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: kanbon Version: 0.1.0 The skill requests 'exec' permission, a broad capability. It uses this to run 'scripts/copyright.sh', a bash script that directly processes command-line arguments ($1, $2). While the SKILL.md instructions specify safe, fixed arguments, the script's design, combined with the 'exec' permission, presents a potential shell injection vulnerability if the OpenClaw agent were to dynamically pass unsanitized user input to the script. This is a risky capability without clear malicious intent, classifying it as suspicious rather than benign.
- External report
- View on VirusTotal