Back to skill
Skillv1.1.0
VirusTotal security
OpenClaw VPS Deploy · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:01 AM
- Hash
- c7f9d7fb1cd3eee38a2a060904633341671a132991d87d7e54be15bdeda31f88
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-vps-deploy Version: 1.1.0 The `scripts/deploy.py` file contains a shell injection vulnerability. The `--repo` argument, which can be controlled by the user, is directly interpolated into remote commands like `npm install -g {repo}` and `git clone {repo}` without robust sanitization. This could allow an attacker to execute arbitrary commands on the target VPS if they can control the `--repo` input. While the script's overall purpose is legitimate deployment, this significant flaw makes it suspicious due to the potential for remote code execution.
- External report
- View on VirusTotal