Back to skill
Skillv1.0.0
VirusTotal security
git-backup · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:22 AM
- Hash
- 27b7b508cf2f8a71ff1d8fb84148e2096ec5f871bc60c9a09561d2caee50cccb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: git-backup-publish Version: 1.0.0 The skill provides legitimate workspace backup functionality to Git platforms but contains security vulnerabilities and high-risk patterns. Specifically, `create-repo.sh` and `setup-gitee.sh` are vulnerable to JSON injection because they concatenate shell variables directly into `curl` POST data without sanitization. Additionally, `backup-to-gitee.sh` constructs an authenticated Git URL by embedding the `GITEE_TOKEN` directly into the string, a practice that can leak sensitive credentials through process lists or logs. While the script includes a `.gitignore` to prevent backing up some secrets, the combination of broad file access and unhardened credential handling warrants a suspicious classification.
- External report
- View on VirusTotal