Back to skill
Skillv1.0.0
VirusTotal security
한국 연금/노후 설계 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:21 AM
- Hash
- 6aacb7e8ddca6631bd68c5d470028a6b7fadf5f13f729aeaeb1905eb383138d1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pension-guide Version: 1.0.0 The skill bundle is classified as suspicious due to the presence of direct shell command execution and a commented-out instruction indicating potential handling of highly sensitive PII via a local script. The `playbook.md` file explicitly instructs the agent to execute `~/.npm-global/bin/yf quote` commands, demonstrating a direct shell execution capability which is a vulnerability (e.g., shell injection risk if inputs are not sanitized). Furthermore, `playbook.md` contains a commented-out line `# bash skills/pension-guide/scripts/nps_query.sh "[주민번호 앞자리]"`, which, even if inactive, suggests a design consideration for passing sensitive resident registration number prefixes to a local script, posing a significant PII handling risk.
- External report
- View on VirusTotal