Back to skill
Skillv0.2.0
VirusTotal security
Json Render Table · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:03 AM
- Hash
- 66f4281730d008a732d8ba5f92ecc709f6c72456e1a0de7a383dfa1de2c343d8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: json-render-table Version: 0.2.0 The skill is classified as suspicious due to its reliance on global package installations (`npm i -g json-render-cli`, `npx playwright install chromium`) which grant broad system modification capabilities to the agent. While necessary for the skill's stated purpose, these commands represent a significant attack surface if the agent were compromised or given malicious instructions. Additionally, the `references/compact-table-template.md` file uses an `eval` statement to process output from a Python script. Although the current Python logic appears to safely output only integer values, the `eval` pattern is inherently risky and a common vector for shell injection, making it a notable vulnerability if the Python script's output generation were to change or be influenced by unsanitized user input.
- External report
- View on VirusTotal