Skill v1.0.0

VirusTotal security

RegexVisualizer · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review
Apr 30, 2026, 4:32 AM
Hash
6dc1c26f9e6af17d8c86263fb914c7fb078947d1ab73db797f8e334583e6201c
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: regex-visualizer
Version: 1.0.0

The skill is classified as suspicious due to significant vulnerabilities in `scripts/render.mjs`. The script uses `writeFileSync` with a user-controlled `--out` argument, which, when combined with `path.resolve()`, could allow an attacker to write arbitrary SVG/PNG content to arbitrary file system locations (e.g., using `../` or absolute paths). Additionally, the `--chrome` argument allows specifying an executable path for the headless browser, which could lead to Remote Code Execution if a malicious path is provided. While there is no clear evidence of intentional malicious behavior like data exfiltration or persistence, these vulnerabilities present a high risk of abuse.