Skill v1.0.0

VirusTotal security

newsnow · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 4:26 AM

Hash: 05751d2ac2d3e280e8928c2432e4d74413c7faf11ed90f1ddcb6b693de7ff17a
Source: palm
Verdict: suspicious

Code Insight

Type: OpenClaw Skill
Name: newsnow
Version: 1.0.0

The skill is classified as suspicious due to the broad `Bash(newsnow *)` and `Bash(npx newsnow *)` permissions granted in `SKILL.md`. While the stated purpose of fetching news is benign, these permissions allow the AI agent to execute the `newsnow` CLI tool with arbitrary arguments. Without access to the `newsnow` tool's source code, there's an unmitigated risk of command injection if the tool itself does not properly sanitize user-supplied input, potentially leading to arbitrary code execution if an attacker crafts a malicious prompt for the agent. This represents a significant vulnerability rather than direct malicious intent within the provided skill definition.