Skill v1.0.0

VirusTotal security

Overlap Check · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:08 AM
Hash
1bba8d0addaa8921c2cef5cd4ef14c2dc4b8c8eb5bf80811d33bdb27a8f65bc8
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: overlap-check
Version: 1.0.0

The skill's stated purpose is benign and helpful: to check for duplicate GitHub issues/PRs. However, the `SKILL.md` instructions show the agent constructing `gh search` commands by directly interpolating a `KEYWORDS` variable into a shell command string. This pattern (e.g., `gh search issues --repo OWNER/REPO "KEYWORDS"`) presents a potential shell injection vulnerability if the AI agent's underlying command execution mechanism does not properly sanitize or escape the `KEYWORDS` input before execution. While there is no evidence of intentional malicious behavior or data exfiltration, this vulnerability classifies the skill as 'suspicious' due to the inherent risk of arbitrary command execution if the agent's input processing is flawed.