Back to skill
Skillv1.0.1
VirusTotal security
FiberAgent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:25 AM
- Hash
- cf223b4e1e79ae3ffdf9eeaf8808d19a3dba5a3616257069018ae167d06bd432
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: fiberagent Version: 1.0.1 The skill's core functionality aligns with its stated purpose of finding products with crypto cashback via the fiberagent.shop API. However, the `index.js` file exhibits a lack of robust input sanitization for URL construction. Specifically, the `agent_id` parameter in `search_products` and `get_agent_stats`, and the `size` parameter in `search_products`, are directly interpolated into the URL string without proper URL encoding. This creates a vulnerability where a malicious or malformed `agent_id` or `size` could lead to URL parameter injection or path traversal attempts against the `fiberagent.shop` API, potentially allowing an attacker to probe or manipulate the API if they can control the input to these skill functions. While not indicative of intentional malice by the skill itself, this is a significant vulnerability.
- External report
- View on VirusTotal