Back to skill
Skillv1.0.1
VirusTotal security
Social Media Suite · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:44 AM
- Hash
- 0a1a24ffd0a7213867b00c6db1b96166c85ca5aca97ff31b4d32c5c3aceee88b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: social-media-suite Version: 1.0.1 The skill is classified as suspicious due to the high-risk nature of its operations and a significant vulnerability pattern presented in the documentation. The `SKILL.md` file provides an example `run.sh` script that demonstrates a shell injection vulnerability by passing unsanitized arguments (`"$@"`) directly to sub-scripts, which could lead to Remote Code Execution (RCE) if the actual implementation follows this pattern. Additionally, the skill requires handling sensitive credentials (long-lived access tokens) and processes external URLs (`--image-url`), posing potential risks like Server-Side Request Forgery (SSRF) or Local File Inclusion (LFI) if not properly validated by the underlying implementation.
- External report
- View on VirusTotal