Back to skill
Skillv0.1.0
VirusTotal security
Jackal Memory · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:38 AM
- Hash
- d67cf94e7160c4dc775a0fe5d72a851a01422c9f14b61ad7568b6426c23a540b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: jackal-memory Version: 0.1.0 The `jackal-memory/client.py` script is vulnerable to URL injection or path traversal. When constructing the `/load/{key}` endpoint, the `key` argument from user input (`sys.argv`) is directly interpolated into the URL path without proper URL encoding. This allows a malicious `key` (e.g., containing '/', '?', or '&') to alter the request path or inject query parameters, potentially leading to server-side vulnerabilities or unexpected client behavior. While this is a vulnerability rather than clear malicious intent, it represents a significant security flaw in input sanitization.
- External report
- View on VirusTotal