Skill v1.0.0
VirusTotal security
Auto Router · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review: May 1, 2026, 4:59 AM
- Hash: df5152d901cfcb005f27a2aa03590408e1d1eeaeba59d5cc58e2f40ab27dd01d
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: auto-router. Version: 1.0.0. The skill instructs the agent to execute a local Node.js script (`auto-router.js`) with user-provided input, as shown in `SKILL.md` and facilitated by `router-integration.sh`. While `router-integration.sh` attempts to prevent shell injection by quoting the input, the underlying `auto-router.js` (which is not provided) could still be vulnerable to command injection or other forms of code execution. The hardcoded path `/Users/thibaut/clawd` also makes assumptions about the execution environment. This capability to execute local scripts with user input, even without explicit malicious intent in the provided files, represents a significant risk for potential remote code execution if the `auto-router.js` script is not robustly secured.
