Back to skill
Skillv1.0.0
VirusTotal security
Near Batch Sender · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:34 AM
- Hash
- 7a5a7db22d63ac899281c2af8da502617f159c9c0158c7986644f4b42f834702
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: near-batch-sender Version: 1.0.0 The `scripts/batch.js` file uses `child_process.exec` to run `near` CLI commands. Inputs such as `senderAccount` (from command-line arguments) and values from the input JSON files (e.g., `recipient.account`, `transfer.contract`) are directly interpolated into shell commands without proper sanitization. This creates a severe shell injection vulnerability, allowing an attacker to execute arbitrary commands on the system by crafting malicious input, which could lead to data exfiltration or other unauthorized actions.
- External report
- View on VirusTotal