Skill v2.0.0
VirusTotal security
super-search · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious, Apr 30, 2026, 5:22 AM
- Hash: c168f3647c7e93cc21bead44532b77b38ba12a62973ee278f80831008cba8724
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: super-search. Version: 2.0.0. The skill implements a search aggregator using Tavily and Brave Search APIs, but it instructs the agent to execute these searches via `curl` shell commands in `SKILL.md`. This pattern introduces a shell injection vulnerability if the agent places unsanitized user input into the command string. Furthermore, the skill utilizes `web_fetch` to retrieve full content from arbitrary third-party URLs, which is a high-risk capability that could be leveraged for SSRF or accessing malicious content, although it is plausibly needed for the stated purpose of summarizing search results.
