Back to skill
Skillv1.0.0
VirusTotal security
Context Slimmer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:43 AM
- Hash
- 74c0cd7eff84f951e7b66b935a5e8027a6cee13db78a679e20355a2e022bdf4e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: context-slimmer Version: 1.0.0 The `scripts/measure.sh` file contains a shell injection vulnerability. The `WORKSPACE` variable, which can be supplied as the second argument to the script, is used directly in shell commands (e.g., `wc -c < "$filepath"`, `grep`). This allows for arbitrary command execution if an attacker can control the `WORKSPACE` argument, making it a critical Remote Code Execution (RCE) vulnerability. While the skill's stated purpose and other functionalities are benign, this lack of input sanitization makes the skill suspicious.
- External report
- View on VirusTotal