Skill v1.0.1
VirusTotal security
WordPress Blog Automation · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review: Apr 30, 2026, 5:03 AM
- Hash: a59cb1fe926c8dc2e72711627ca9e5163b4db4f4575db29f573c7d0442e1d326
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: blog-automation. Version: 1.0.1. The skill is classified as suspicious due to critical vulnerabilities related to file system access. The `index.py` script directly reads the `ARTICLE_JSON` file path and writes to a `log` file path, both provided as command-line arguments, without any input sanitization. This creates a significant risk of Local File Inclusion (LFI) and Arbitrary File Write, allowing an attacker to potentially read arbitrary files (e.g., credentials, system files) or write to arbitrary locations on the agent's host system if they can control these input paths (e.g., via prompt injection against the OpenClaw agent). While the skill's stated purpose is benign, these vulnerabilities could be exploited for data exfiltration or system compromise.
