Skill v1.0.0

VirusTotal security

Daily Antifraud Report · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 7:16 AM
Hash: 94401da74f113c7cb001b5b6cc5f70eaafc239880406d17424c166842ffae2ce
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: daily-antifraud-report
Version: 1.0.0

The skill is designed to generate anti-fraud reports by scraping Chinese news sites, but it contains a shell injection vulnerability in `scripts/search_cn.sh`. The script passes the `$QUERY` variable directly into a `curl` command without sanitization or proper quoting, which could allow for arbitrary command execution if the input is manipulated. While the workflow in `SKILL.md` aligns with the stated purpose, the lack of input handling in the shell script poses a security risk.