Back to skill
Skillv1.0.2
VirusTotal security
proxy-web-search · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:57 AM
- Hash
- e3614d2f22e39acdf8d4458335e27de01b8102106a8663fa70ae1e21aa8616bc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: proxy-web-search Version: 1.0.2 The skill provides a utility for performing web searches via a proxy, but it contains a JSON injection vulnerability in `scripts/proxy_search.sh`. While the script attempts to escape the search query, it fails to sanitize or escape other command-line arguments such as `--engine`, `--count`, and `--recency` before embedding them into a JSON payload. This allows for the injection of arbitrary keys into the POST request sent to the `WEB_SEARCH_PROXY_URL` endpoint, which is a security flaw in input handling.
- External report
- View on VirusTotal