Back to skill
Skillv1.0.0
VirusTotal security
Google Research Pro · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 23, 2026, 6:41 AM
- Hash
- 37b4d9eff2ec293cc722210fe64ae892ba129a1ac7235f1c40cdf70255453944
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: google-research-pro Version: 1.0.0 The skill contains a critical shell injection vulnerability in SKILL.md, where the user-provided '{keyword}' is interpolated directly into a system command. It also hardcodes a specific Telegram recipient ID (6830424983) for data delivery and relies on an external Python script (bot.py) located at a specific local path (C:\Users\Admin\OneDrive\Desktop\LearnOpCL) that is not included in the bundle, which is highly irregular for a portable skill.
- External report
- View on VirusTotal