Back to skill
Skillv0.3.3
VirusTotal security
Samvida · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:51 AM
- Hash
- eb23b79a21377a3d2396d233c6354be2401373e62c924a10f1055928dceeb3c1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: samvida Version: 0.3.3 The skill's core functionality (crawling, generating, and deploying llms.txt) appears legitimate. However, the SKILL.md instructions repeatedly direct the OpenClaw agent to execute shell commands with user-provided inputs (e.g., `{url}`, `{token}`, `{domain}`) without explicit sanitization. This introduces a significant shell injection vulnerability (Remote Code Execution risk) in SKILL.md during both the crawl and deploy phases, as a malicious user could potentially inject arbitrary commands into the shell execution.
- External report
- View on VirusTotal