Back to skill
Skillv1.0.0
VirusTotal security
Django Project Creator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:12 AM
- Hash
- a83028574c21925adcd7581836f73aea65a12ef874c7149752e9cb3bed7b1c41
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: django-tool Version: 1.0.0 The `scriptBackend.py` file contains multiple critical shell injection vulnerabilities. User-controlled inputs such as `path`, `projectName`, `appName`, and `module` are directly concatenated into `os.system()` calls without proper sanitization or escaping. This allows for arbitrary command execution if a malicious user provides crafted input (e.g., `my_project; rm -rf /`). While the skill's stated purpose in `SKILL.md` is benign (automating Django project setup), the implementation flaws pose a significant security risk, making the skill highly susceptible to abuse.
- External report
- View on VirusTotal