Back to skill
Skillv1.0.0
VirusTotal security
My Admapix · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 25, 2026, 11:56 AM
- Hash
- d7559620f9878ddab896537936607a13f57cfeede4c403874fe78c3b67d3fc3d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: my-admapix Version: 1.0.0 The skill contains a shell injection vulnerability in SKILL.md, where user-provided API keys are directly interpolated into a shell command (`openclaw config set`) without sanitization. Additionally, the 'Deep Research' polling logic in SKILL.md utilizes an infinite `while true` loop to query `https://deepresearch.admapix.com`, which lacks a timeout or maximum iteration limit, potentially leading to agent hang or resource exhaustion. While these behaviors appear to be unintentional implementation flaws rather than malware, they create a significant attack surface for command execution and denial-of-service.
- External report
- View on VirusTotal