Back to skill
Skillv1.0.0
VirusTotal security
Startup Guide · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:22 AM
- Hash
- c1fc7ee51cb6d358cf8d61635ab3027d282fca4f75d8ecba59ee34168604a703
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: startup-guide Version: 1.0.0 The skill bundle is classified as suspicious due to a significant shell injection vulnerability identified in `playbook.md`. It instructs the AI agent to execute `bash` scripts (`skills/law-search/scripts/law_search.sh` and `skills/company-info/scripts/biz_status.sh`) by directly embedding user-provided input (e.g., `[업종]`, `[사업자번호]`) into the command arguments. If the AI agent does not rigorously sanitize this user input before execution, it could lead to Remote Code Execution (RCE) on the host system, allowing an attacker to run arbitrary commands.
- External report
- View on VirusTotal