Skill v1.0.0

VirusTotal security

Claude Code Launcher · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 4:31 AM
Hash
8187d18bb9fd25fa7e89f51f6b93c2c33fc3e941cdd38dda11aa8ee02ccc49a7
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: claude-code-launcher
Version: 1.0.0
The skill is classified as suspicious due to a critical shell injection vulnerability in `scripts/launch_claude_code.sh`. The `navigate_to_project` function uses `peekaboo type "cd \"$project\""` to input the user-provided project path into a new terminal. If `$project` contains a double quote followed by a command separator (e.g., `";`), an attacker can inject and execute arbitrary shell commands, leading to Remote Code Execution (RCE). While the skill's stated purpose is benign (launching Claude Code), this vulnerability allows for unintended and harmful behavior.