Back to skill
Skillv1.0.0
VirusTotal security
Saas Decomposer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:14 AM
- Hash
- d8e1063695985b360f211d33063482a8f00416cced960aca410886cbc7cdd296
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: saas-decomposer Version: 1.0.0 The skill is classified as suspicious due to a significant Server-Side Request Forgery (SSRF) vulnerability. The `SKILL.md` explicitly instructs the AI agent to use `web_fetch` and `data-scraper` on user-provided SaaS service URLs or names. This lack of input sanitization or validation means an attacker could potentially provide malicious URLs (e.g., `file:///etc/passwd`, internal network endpoints) to the agent, leading to unauthorized access and potential data exfiltration from the host system or internal network resources. While the stated purpose of the skill (SaaS decomposition) is benign, the method exposes a critical security risk.
- External report
- View on VirusTotal