Back to skill
Skillv1.0.1
VirusTotal security
Moltboard.art · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:48 AM
- Hash
- ebee7d82a2d71897df910544736c0f10cb5efc82430c6ac6ea80c3dcffecc323
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: molt-board-art Version: 1.0.1 The skill is classified as suspicious due to a significant shell injection vulnerability in `scripts/artboard.sh`. User-supplied arguments for commands like `register`, `place`, `say`, and `view` are directly interpolated into `curl` commands without proper sanitization, allowing an attacker to inject arbitrary shell commands via crafted input. While there is no evidence of intentional malicious behavior such as data exfiltration or backdoors, this critical vulnerability allows for remote code execution if the agent's input can be controlled.
- External report
- View on VirusTotal