Back to skill
Skillv0.1.0
VirusTotal security
Semantic Paper Radar · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:58 AM
- Hash
- f855fbd6d9e57d403b9a79558d77908c6e7cc36c9cea358126b6e9eeecd547a4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: semantic-paper-radar Version: 0.1.0 The skill bundle is classified as suspicious due to potential vulnerabilities rather than explicit malicious intent. The `scripts/paper_radar.py` file is vulnerable to path traversal via the `--html-out` argument, allowing an attacker to write files to arbitrary locations on the filesystem. Additionally, the `SKILL.md` instructions for executing the Python script with a user-provided `--query` argument (`python3 scripts/paper_radar.py search --query "<topic>"`) introduce a risk of shell injection if the AI agent does not properly sanitize or escape user input before passing it to the command line. There is no evidence of intentional data exfiltration, backdoors, or other malicious activities; network calls are restricted to legitimate academic APIs (arXiv, OpenAlex, PubMed).
- External report
- View on VirusTotal