Back to skill
Skillv0.1.3
VirusTotal security
Nexus Sentinel · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:27 AM
- Hash
- a4e9210c4fa4499c79f51bd2e101d3e2cfdb87183d422900da4d0ec1d1ae967f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: nexus-sentinel Version: 0.1.3 The `sentinel.py` script contains a critical shell injection vulnerability in the `list_recent_errors` function. The `service_name` argument, derived from user input via `sys.argv[2]`, is directly used in `subprocess.run` commands for `docker logs` and `pm2 logs` without proper sanitization. This allows an attacker to execute arbitrary commands on the host system, leading to Remote Code Execution (RCE). While the `SKILL.md` documentation outlines security protocols and the code attempts to prevent sensitive file backups, the RCE vulnerability is a severe flaw that could be exploited for malicious purposes, classifying the skill as suspicious.
- External report
- View on VirusTotal