Skill v1.1.0

VirusTotal security

SupaSkills · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:25 AM
Hash
a0329719c1eeebaff046744cc6ed95e84533f38401ad0b2f1bb5eae72d181a82
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: supaskills
Version: 1.1.0

The `SKILL.md` file defines `curl` commands that incorporate user-controlled parameters (`{query}` and `{slug}`) directly into shell commands. If the OpenClaw agent executes these commands without proper input sanitization, it introduces a significant shell injection vulnerability (potential RCE). While the skill's stated purpose is to interact with `supaskills.ai` and there is no clear evidence of intentional malicious behavior like data exfiltration to unrelated domains or persistence mechanisms, this critical vulnerability warrants a 'suspicious' classification.