Back to skill
Skillv1.0.0
VirusTotal security
ynu-papergraphgeneration-openclaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 12, 2026, 8:06 AM
- Hash
- 5a8c52651d6d946b2e8495f974e1ace5546cd07c1dfe2809f84ea34c2837ca2e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ynu-papergraphgeneration-openclaw Version: 1.0.0 The skill bundle contains a significant security risk in scripts/chart_generator.py, which generates and executes arbitrary Python code using subprocess.run based on LLM-provided data, creating a potential Remote Code Execution (RCE) vector. Additionally, scripts/draw.py contains highly specific, hardcoded logic for a particular academic paper ('DeCLIP'), which is unusual for a general-purpose tool. While these behaviors represent high-risk patterns and vulnerabilities, there is no explicit evidence of intentional data exfiltration or malicious persistence.
- External report
- View on VirusTotal