Back to skill
Skillv1.0.0
VirusTotal security
commit-history-exporter · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 22, 2026, 10:01 AM
- Hash
- 7447d233f4197fe2405c265cd5df82885d64c54f1e38a3214cb8efa4e8a64bc5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: commit-history-exporter Version: 1.0.0 The skill bundle contains critical shell injection vulnerabilities in 'scripts/export_git_commits.sh' and 'scripts/export_svn_commits.sh' due to the use of 'eval' on unsanitized user-provided arguments (e.g., AUTHOR, SVN_USER, SVN_PASS). While the tool's stated purpose of exporting repository history is plausible, these flaws allow for arbitrary command execution if an attacker provides crafted inputs. No evidence of intentional malice or data exfiltration to external endpoints was found.
- External report
- View on VirusTotal