Back to skill
Skillv1.0.0
VirusTotal security
Django Project Creator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:12 AM
- Hash
- 9e5101898f967fc81d103d92a1fd357a597f2780d9b17ce52e1285df42200808
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: django-creator Version: 1.0.0 The `scriptBackend.py` file, designed to automate Django project setup, contains multiple critical shell injection and path traversal vulnerabilities. User-controlled inputs such as `path`, `projectName`, `appName`, and `modulsName` are directly interpolated into `os.system` commands without sanitization. This allows an attacker to execute arbitrary commands on the host system (Remote Code Execution) or manipulate file paths by providing malicious input. While the skill's stated purpose is benign, the insecure implementation poses a severe security risk, classifying it as suspicious due to these exploitable vulnerabilities.
- External report
- View on VirusTotal