Back to skill
Skillv1.0.0
VirusTotal security
CDISC Library API Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:30 AM
- Hash
- 6b2ef99dadfbeb34d0e681fa989d2d8b6a272ff79691b10a34cb4ec192649501
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cdisc-library-api Version: 1.0.0 The skill bundle provides a functional interface for the CDISC Library API but contains several security vulnerabilities and quality issues. Specifically, 'commands/export.py' is vulnerable to path traversal because it fails to sanitize the 'resource_id' parameter before using it to construct file paths, potentially allowing an attacker to overwrite arbitrary files. Additionally, 'commands/batch.py' allows the agent to read any local file provided as an argument, and 'commands/cache.py' contains a syntax error ('Path`nsys') that prevents execution. The inclusion of hardcoded local file paths (e.g., referencing an 'E:' drive in SKILL.md) further indicates a lack of proper environment isolation.
- External report
- View on VirusTotal