Back to skill
Skillv1.0.0
VirusTotal security
Bytesagain Medical Scribe · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 6, 2026, 12:16 AM
- Hash
- d818d03bc9ab71a30ad20731960b3d6e8274464d512a35b18ec3b8fe61221b99
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: bytesagain-medical-scribe Version: 1.0.0 The script 'scripts/script.sh' contains a critical shell injection vulnerability. It uses unquoted heredocs (e.g., 'cat << EOF') to output medical templates, which causes the shell to evaluate any command substitutions (like $(command)) contained within the user-provided arguments such as --patient or --chief. While the skill's stated purpose of generating medical documentation appears legitimate and there is no clear evidence of intentional malice, this flaw allows for arbitrary command execution if the input is not strictly controlled.
- External report
- View on VirusTotal