Back to skill
Skillv1.1.0
VirusTotal security
QA Architecture Auditor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 6:08 AM
- Hash
- 8a341ee56faa938ff2df2159c9dc392963cb27abe273a690561d4428440b8b01
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: qa-architecture-auditor Version: 1.1.0 The qa-architecture-auditor skill is a static analysis tool designed to perform forensic codebase reviews and generate QA strategy reports. While its core functionality is aligned with its stated purpose, the script 'scripts/analyze_repo.py' is classified as suspicious due to a lack of output sanitization during HTML report generation. Specifically, repository metadata such as file paths and module names are inserted directly into the HTML template without escaping, creating a Cross-Site Scripting (XSS) vulnerability if the tool is used to analyze a maliciously crafted repository. No evidence of intentional harmful behavior or data exfiltration was identified.
- External report
- View on VirusTotal