Skill v1.0.0

VirusTotal security

Neckr0ik Api Wrapper · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 5:21 AM

Hash: 2073980cd06623e869002c0b4dccb1d340f3f566f537cf1cc90017747608f5d4
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: neckr0ik-api-wrapper
Version: 1.0.0

The skill is a utility for generating OpenClaw skills from OpenAPI specifications, but it contains a code injection vulnerability in `scripts/generator.py`. The generator embeds strings from untrusted API specs (such as `base_url`, `title`, and `description`) directly into f-strings used to create the generated `api.py` client without sufficient sanitization. While no intentional malice is evident, a specially crafted OpenAPI spec could lead to the generation of a malicious Python script that executes arbitrary code when the generated skill is used.