Back to skill
Skillv1.1.0
VirusTotal security
Activity Control Ui · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 28, 2026, 5:16 PM
- Hash
- 847d9ec6848f1181bf84fca96cf19d379a5140528ba3150befc5aa19a1177470
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: activity-control-ui Version: 1.1.0 The skill bundle contains a path traversal vulnerability in `scripts/start-server.js`. The local HTTP server serves static files by directly joining the requested URL path with the skill directory without any sanitization or validation, which could allow an attacker to read arbitrary files from the host system using '..' sequences. While the anime-themed dashboard and WebSocket functionality align with the stated purpose, the insecure implementation of the file server poses a significant security risk.
- External report
- View on VirusTotal