Back to skill
Skillv1.0.0
VirusTotal security
Snowsand Confluence · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:29 AM
- Hash
- 93147ee4dace533d6aa30bfdd495928a77512f61d70a8595b242e65425172b52
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: snowsand-confluence Version: 1.0.0 The skill bundle provides a comprehensive integration with Confluence Cloud but is classified as suspicious due to high-risk behaviors and potential vulnerabilities. Specifically, the `download` command in `scripts/confluence.py` is vulnerable to path traversal because it uses the attachment title directly from the API as a local filename without sanitization. Additionally, the script's ability to read and upload arbitrary local files via the `upload` command, combined with its requirement for sensitive credentials (API tokens), presents a significant attack surface for prompt injection, although no evidence of intentional malice or data exfiltration was found.
- External report
- View on VirusTotal