Skill v1.0.0
VirusTotal security
Paprika Recipe Importer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · May 1, 2026, 4:47 AM
- Hash: a1a138db5b719a56c3f4721224e8b6f3d8c8354f79b4352b0e63068118f97066
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: paprika-recipe-importer
  - Version: 1.0.0

  The `SKILL.md` file instructs the AI agent to execute a shell command (`python3 ...`) that incorporates a user-derived placeholder (`<recipe-name>`) directly into the command arguments. This creates a significant shell injection vulnerability if the AI agent does not properly sanitize the user-provided recipe name before executing the command. While the Python script itself (`scripts/build_paprikarecipes.py`) is benign, the method of its invocation described in `SKILL.md` poses a high risk of arbitrary command execution.
