Back to skill
Skillv1.0.0
VirusTotal security
Content News Thai · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:11 AM
- Hash
- 28fe2070a24c526e1bb38a2a3070a3daf71bebe224bf8c5562bc8c1181f69b9d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: content-news-thai Version: 1.0.0 The skill bundle contains several high-risk behaviors and potential vulnerabilities. The `setup.sh` script performs system-level modifications, including installing packages via `apt-get` with `sudo` and installing fonts system-wide, which may be excessive for a standard skill. Additionally, `gen-news.mjs` is vulnerable to path traversal and arbitrary file writes because it uses unsanitized user input from a JSON string to define the `output` and `bgImage` file paths in `writeFileSync` and `loadImage`. While these actions align with the stated purpose of generating images, the lack of input validation and the requirement for elevated privileges during setup pose a security risk to the host environment.
- External report
- View on VirusTotal