Back to skill
Skillv1.0.0
VirusTotal security
Health Data Analyzer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:33 AM
- Hash
- f15210ee2c98f057d00f1ac0b59b9e79449aa0e0578faa78994bea46199c0caa
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: health-data-analyzer Version: 1.0.0 The skill bundle provides a framework for analyzing sensitive health data via an MCP server, but it contains a command injection vulnerability in scripts/health_analyzer.py. The script constructs shell commands using f-strings and str.split() before execution via subprocess.run, which could allow for argument injection if the AI agent is supplied with malicious inputs. While the behavior aligns with the stated purpose of health analysis and no evidence of intentional exfiltration was found, the combination of unsafe command construction and access to private health databases (including sleep, heart rate, and physiological metrics) warrants a suspicious classification.
- External report
- View on VirusTotal