Back to skill
Skillv1.0.0
VirusTotal security
Email Approval Workflow · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 14, 2026, 7:21 AM
- Hash
- 2d56109b4eb1a7c8555efb3e0b6b005fc01b9bcd6fde51aa452fa6da7148d597
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: email-approval-workflow Version: 1.0.0 The skill defines an email approval workflow but contains a shell injection vulnerability in SKILL.md. The instructions direct the agent to use a placeholder `{purpose}` directly in shell commands (e.g., mkdir, cat, and python execution) without sanitization, which could lead to arbitrary command execution or data exfiltration if the agent processes untrusted input for the purpose field. While the workflow includes a human-in-the-loop safety check for sending emails, the underlying command construction is flawed.
- External report
- View on VirusTotal