Skill v1.0.0
VirusTotal security
Json Modifier · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 4:00 AM
- Hash: 29a7b983147c611e21321b02fe412e62cf9bc4f7c8fb77d59f26189f51385b72
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: json-modifier; Version: 1.0.0. The `index.js` script allows reading and writing arbitrary files specified via command-line arguments (`--file`, `--patch-file`). While this functionality is core to its stated purpose of modifying JSON files, it introduces a significant vulnerability. An attacker could potentially leverage this skill by crafting a prompt to the OpenClaw agent, instructing it to modify or read sensitive system configuration files (e.g., `/etc/passwd`, `/etc/sudoers`) or other critical application data, without the skill itself exhibiting explicit malicious intent like data exfiltration or backdoor installation. The `scripts/test.js` also uses `child_process.execSync`, a powerful primitive, though it is used benignly within a controlled test environment.
