Back to skill
Skillv1.0.0
VirusTotal security
Readarr · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:51 AM
- Hash
- 0b214051cd3436078d05539dba4451df9fe2b3e966d2c4615bbc20b00e5f3c3f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: readarr Version: 1.0.0 The skill bundle contains shell command templates in SKILL.md that are vulnerable to shell injection, as user-controlled placeholders (e.g., <title>, <id>) are directly interpolated into bash commands without sanitization. The skill also requires reading sensitive API keys from the filesystem and references a setup in references/setup.md that involves passwordless sudo for Docker on a specific local IP (192.168.42.79). While these capabilities are aligned with the stated purpose of managing a Readarr instance, the lack of input validation in the instructions constitutes a significant security vulnerability.
- External report
- View on VirusTotal