Skill v1.0.0

VirusTotal security

Academic Research · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 4:11 AM
Hash
9cd776005954b80b2cb51d5b086a316f99eb99219b5e2fa053c79d9dd1021b5e
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: academic-research
Version: 1.0.0

The skill's core functionality aligns with its stated purpose of academic research using OpenAlex and Unpaywall APIs. However, the `scripts/literature-review.py` script contains a significant file write vulnerability. The `--output` argument allows writing the generated literature review to an arbitrary file path (`Path(args.output).write_text(output)`). If an attacker can control this argument (e.g., via prompt injection against the OpenClaw agent), they could write to sensitive system files or user configuration files, potentially leading to privilege escalation or persistence. This is a critical vulnerability, but not evidence of intentional malice within the script itself.