Back to skill
Skillv1.0.0
VirusTotal security
Nmap Pentest Scans Hardened · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 1:43 AM
- Hash
- 1a11447d90ad01d6e957c17d001ec202123139d20b9fb9e5e068eeaaef2a043b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: nmap-pentest-scans-hardened Version: 1.0.0 The skill bundle is designed for orchestrated Nmap scanning and includes extensive safety documentation and defensive instructions (guardrails) to prevent the agent from performing unauthorized or stealthy actions like IP spoofing. However, the script `scripts/nmap_pentest_scans.py` is vulnerable to command injection because the `target` argument is interpolated directly into shell command strings without sanitization, while only the filename portion (`target_basename`) is cleaned. Although the intent appears to be a 'hardened' security tool, this vulnerability allows for arbitrary command execution if the agent processes a malicious target string, meeting the criteria for a 'suspicious' classification.
- External report
- View on VirusTotal