Skill v1.0.0

VirusTotal security

Port Process · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 6:01 AM
Hash
1267901d0b390a3f7d6b070746bc92a572d23fc3547c2c2f7d16e287ce234992
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: port-process
Version: 1.0.0

The skill bundle provides tools for managing system processes by port but contains shell injection vulnerabilities in `scripts/find_port.py` and `scripts/list_ports.py`. These scripts use `subprocess.run(shell=True)` with f-strings to execute system commands like `lsof` and `ps`, which could be exploited if the port input is not strictly validated as an integer. While the provided CLI entry points use `argparse` to enforce integer types, the underlying functions are inherently risky. The capability to terminate arbitrary system processes is high-risk, although it appears consistent with the skill's stated purpose.