Skill v0.2.0
VirusTotal security
PharmGx Reporter · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:34 AM
- Hash: 1009dd73d6f3d07253ca8a5b92eccb2ada787b997925ee1395d241d7d5b49225
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: pharmgx-reporter. Version: 0.2.0. The `pharmgx_reporter.py` script is vulnerable to path traversal. It directly uses user-provided `--input` and `--output` file paths from command-line arguments without explicit sanitization. This allows a malicious actor to potentially read or write arbitrary files on the system (e.g., `--input ../../../etc/passwd` or `--output ../../../tmp/evil.md`) by crafting the input arguments. While the script's core functionality is benign and intended for pharmacogenomic reporting, this lack of input sanitization represents a significant vulnerability, classifying it as suspicious rather than benign or malicious.
