Back to skill
Skillv1.0.0
VirusTotal security
only for test · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 3, 2026, 2:01 AM
- Hash
- cd02ea113860bc5792d7a6101f6871b927445020dffa683bc7a9e082064f23eb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: slugtest Version: 1.0.0 The 'extract-doc' skill (SKILL.md) is classified as suspicious because it requires high-risk permissions, specifically 'Bash' and 'Write', to install Python dependencies and execute extraction scripts. The logic involves passing user-provided file paths into shell commands, which poses a risk of shell injection if the agent does not properly sanitize inputs. While the functionality is consistent with its stated goal of document processing, the use of broad system access and an external MCP OCR tool (mcp__zai-mcp-server__extract_text_from_screenshot) constitutes a significant attack surface.
- External report
- View on VirusTotal