Skill v1.0.0
VirusTotal security
Sovereign code-review-helper · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · May 1, 2026, 4:26 AM
- Hash: 4e189be3a57a5d423c76173b9957376f28e37ca59e13373ada97c4b85392ef0f
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: sovereign-code-review-helper
  - Version: 1.0.0
  - The skill is classified as suspicious due to a critical shell injection vulnerability in `scripts/review.sh`. The `--files` argument, which accepts a glob pattern, is directly used in `grep -E "$FILE_PATTERN"` without proper sanitization. This allows an attacker to inject arbitrary shell commands by crafting a malicious `FILE_PATTERN` value, leading to potential Remote Code Execution (RCE).
