Back to skill
Skillv1.0.0
VirusTotal security
Reactive Resume · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:25 AM
- Hash
- 5070d0c4add0554514bf62bdd940d4b95c893253f97c4be2302e4f3bcdd15dfa
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: reactive-resume Version: 1.0.0 The skill bundle contains a shell injection vulnerability in `scripts/db-reset.py`, where the `DATABASE_URL` environment variable is unsafely interpolated into a `subprocess.run(shell=True)` call. Additionally, `SKILL.md` contains instructions for the AI agent to execute high-privilege commands (`sudo dockerd`), which increases the attack surface. While these scripts and instructions appear intended for legitimate local development of the 'Reactive Resume' project, the lack of input sanitization and the requirement for elevated privileges pose a security risk in an automated environment.
- External report
- View on VirusTotal