Skill v1.0.0

VirusTotal security

Code Diff Tool · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious
Apr 23, 2026, 5:16 AM
Hash
aa546055366f57ffaa5893fdb5b49a786bd47644c897be68b2eb8e3736a39af6
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: code-diff-tool
Version: 1.0.0

The skill provides a functional diff tool but contains a command injection vulnerability in the `cmdGit` function within `diff_engine.js`. It passes unsanitized command-line arguments directly into `execSync` when executing git commands, which could allow for arbitrary code execution if provided with malicious input. While the tool's logic aligns with its stated purpose and no evidence of intentional malice or data exfiltration was found, the lack of input sanitization in a shell-executing function is a significant security risk.