Back to skill
Skillv1.0.0
VirusTotal security
Moltbook Trading Sniper · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:26 AM
- Hash
- 5614d3fe79dc352a55cb59614e0170c7d32972eb690af9e18d9f2ed3e807c326
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: moltbook-trading-sniper Version: 1.0.0 The `scripts/moltbook_post.sh` file contains a critical shell injection vulnerability. User-provided arguments `$TITLE` and `$CONTENT` are directly interpolated into a JSON string within a `curl -d` command without proper escaping. This allows for arbitrary command execution on the host system if an attacker can control the input to the script. While there is no evidence of intentional malicious behavior like data exfiltration or persistence, this severe vulnerability makes the skill bundle suspicious.
- External report
- View on VirusTotal