Back to skill
Skillv1.0.0
VirusTotal security
Audos – Launch a Startup Via OpenClaw in 10 Minutes · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:47 AM
- Hash
- 0e6b9aff046f7d9a2b35ab46a0a7bf4961e08764b3dd137de89b091f684d1b55
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: audos Version: 1.0.0 The skill is classified as suspicious due to a JSON injection vulnerability in `scripts/audos.sh`. User-provided arguments such as email, business idea, session token, OTP code, auth token, and chat messages are directly interpolated into JSON payloads without proper escaping, potentially allowing an attacker to inject arbitrary JSON fields into API requests. While this primarily targets the Audos API backend rather than the agent's local shell, it represents a significant input sanitization flaw. All network communication is directed to the specified `audos.com` domain, and there is no evidence of intentional data exfiltration to unauthorized endpoints, persistence mechanisms, or malicious prompt injection against the agent.
- External report
- View on VirusTotal