Skill v0.0.3
VirusTotal security
Reddit Explore · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 3:44 AM
- Hash: 3b615cbc625a04537071d41f23cdf97b22bea65943300abdbd22644295a17f3b
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: reddit-explore. Version: 0.0.3. The skill is classified as suspicious due to a critical shell injection vulnerability identified in `SKILL.md`. The instruction `python3 ~/.agents/skills/reddit-explore/scripts/reddit_search.py --query "$ARGUMENTS" --max-items 30` directly embeds the `$ARGUMENTS` variable into a shell command without proper sanitization or quoting. This allows an attacker to inject arbitrary shell commands by crafting a malicious input for `$ARGUMENTS`, potentially leading to remote code execution on the agent's host system. The Python script `scripts/reddit_search.py` itself appears benign and performs its stated function of searching Reddit via Apify.
