Back to skill
Skillv1.0.1
VirusTotal security
Red book content creation · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 27, 2026, 2:41 AM
- Hash
- d08068429cdb1808c313befc19bd08b2b594ba706df809f60a8e641c8a2f86d3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: red-book-content-creation Version: 1.0.1 The skill bundle is designed to convert text into social media-style HTML and images but contains a significant command/argument injection vulnerability in 'scripts/generate_content.sh'. The script uses 'sed' to replace placeholders with unsanitized user input, which can be exploited to manipulate the file system or cause script errors. Additionally, the use of 'imgkit' (wkhtmltoimage wrapper) in 'scripts/take_screenshot.py' presents a potential SSRF or local file inclusion risk if the generated HTML contains malicious references, though no clear evidence of intentional malice was found.
- External report
- View on VirusTotal