Back to skill
Skillv1.0.0
VirusTotal security
News Sum · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 14, 2026, 6:01 PM
- Hash
- a7497cde95b4e83cc518ece5c9cd3dbff5ed4f241fc296cf61ce01de09c9e486
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: news-sum Version: 1.0.0 The news-sum skill implements a multi-agent workflow for news aggregation and email delivery. A significant security risk is identified in `SKILL.md`, where the email delivery function uses a shell command (`gog gmail send`) that wraps dynamic HTML content inside a subshell `$(printf '%s' ...)`. This pattern is highly susceptible to shell injection if the aggregated news content contains malicious sequences. While the logic appears aligned with its stated purpose, the unsafe handling of shell execution warrants a suspicious classification.
- External report
- View on VirusTotal