Back to skill
Skillv0.1.0
VirusTotal security
OneDrive Integration · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:20 AM
- Hash
- 1759e3090f0d947f5728a88106dac85bcd326b245ddc2b945a08a4deb0281fd9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: onedrive-integration Version: 0.1.0 The skill is designed for legitimate file copying to OneDrive. The `SKILL.md` instructions are clear and guide the agent to ask for user confirmation for sensitive configuration, showing no signs of prompt injection. The `copy_to_onedrive.py` script is well-written, includes robust filename sanitization, and safely parses its configuration file using a custom Python function, mitigating shell injection risks from config values. However, the `scripts/onboard.sh` script is suspicious because it writes user-provided input directly into `config.env` using a heredoc without proper escaping for shell contexts. While the `copy_to_onedrive.py` script's Python parser would not execute shell commands embedded in these values, this practice creates a shell injection vulnerability if `config.env` were ever sourced by another shell script, which is a common pattern for `.env` files.
- External report
- View on VirusTotal