Back to skill
Skillv1.2.0
VirusTotal security
Markdown Viewer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:02 AM
- Hash
- 8ca59d050942910fceaae14241371f36d290646936b1d66b1d01d2826160d2a4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: markdown-viewer Version: 1.2.0 The skill bundle is classified as suspicious due to a Local File Inclusion (LFI) vulnerability in the `mdview` tool, explicitly acknowledged in the `SKILL.md` file. The `/view?path=` parameter allows reading arbitrary files from the local filesystem, which could be exploited by an AI agent or user to disclose sensitive data. While the skill author transparently discloses this vulnerability and suggests a mitigation (`--root`), the presence of such a high-risk capability without clear instructions to prevent its misuse by the agent makes it suspicious. There is no evidence of intentional malicious behavior like data exfiltration or persistence.
- External report
- View on VirusTotal