Skill v1.0.9
VirusTotal security
Innovation Assistant by TRIZ · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 5:47 AM
- Hash: 7578501457a0a941b55c5bac6c9b37d1f79f6c5900fbc1a4d6b34ef24eea5fdf
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: triz-problem-solver. Version: 1.0.9. The skill implements a TRIZ innovation analysis workflow that relies on external API calls to 'qa-eureka-service.zhihuiya.com'. While the provided bash scripts (e.g., call_triz_analysis.sh) use jq to safely handle JSON construction, the instructions in SKILL.md and the reference files (references/01_system_component_analysis.md, etc.) direct the AI agent to invoke these scripts via a shell command using potentially unsanitized user input. This pattern introduces a shell injection vulnerability if the agent passes strings containing subshell execution characters (like backticks or $()) into the command line. Furthermore, the use of a QA-specific endpoint for a published skill is a minor technical inconsistency.
- External report: View on VirusTotal
