Back to skill
Skillv1.2.0
VirusTotal security
Remnawave Account Creator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:30 AM
- Hash
- 7eb10c67b8c8ba5748715486c2f05664e48929676e33b45d92f003ec2190b3e9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: remnawave-account-creator Version: 1.2.0 The skill bundle provides a comprehensive suite for managing Remnawave VPN accounts, including creation, squad assignment, and email notifications. It is classified as suspicious due to several high-risk vulnerabilities: `create-account.js` and `log-creation.js` use `exec()` to call sub-scripts by concatenating unsanitized input into shell commands, which presents a significant shell injection risk. Furthermore, the configuration and multiple scripts (e.g., `check-prerequisites.js`, `create-account.js`) explicitly support bypassing SSL certificate verification (`sslRejectUnauthorized: false`). While the behavior appears aligned with the stated administrative purpose and lacks clear evidence of intentional malice, these flaws represent critical security risks in an automated agent environment.
- External report
- View on VirusTotal