Back to skill
Skillv1.0.2
VirusTotal security
Zoomin Docs Portal Scraper Tool · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:10 AM
- Hash
- 03c0a4f3878e078a25345ff99164af6981a796b6f30ac2649fa408ab8177a841
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: zoomin-scraper-recklessop Version: 1.0.2 The skill bundle is classified as suspicious due to several critical vulnerabilities that could lead to arbitrary code execution, local file read/write, and data exfiltration. Specifically, `scripts/run_scraper.sh` is vulnerable to shell injection by directly sourcing a user-provided `VENV_PATH` without validation. Additionally, `scripts/scrape_zoomin.py` and `scripts/analyze_docs_batch.py` accept file paths and output directories directly from command-line arguments without sanitization, enabling an attacker to read arbitrary local files (e.g., via `urls_file_path`) or write scraped content to arbitrary locations (e.g., via `output_dir`). While the skill's stated purpose is legitimate web scraping, these vulnerabilities present significant attack surfaces.
- External report
- View on VirusTotal