Back to skill
Skillv1.0.0
VirusTotal security
Reddit Quote Carousel · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:11 AM
- Hash
- 0783b3b6402465e072332c44f8d6aedd51da64dd87fa51e6fa945fd83337c795
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: reddit-quote-carousel Version: 1.0.0 The skill is classified as suspicious due to critical vulnerabilities. The `SKILL.md` file demonstrates a shell injection risk in Sub-agent 2, where user-controlled and scraped content (e.g., `{REDDIT_QUOTE}`, `{CATEGORY}`) is directly interpolated into `python3` command-line arguments without apparent sanitization, potentially leading to arbitrary command execution. Additionally, the `popular_picks_url` parameter in Sub-agent 1 presents a Server-Side Request Forgery (SSRF) or Local File Inclusion (LFI) risk if the `web_fetch` function is not properly restricted, allowing access to internal network resources or local files.
- External report
- View on VirusTotal