Back to skill
Skillv0.1.0
VirusTotal security
Commute Traffic · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:48 AM
- Hash
- 5198fc9c47e2114493a71abe741db96542e4103b0d1277b309f47ce7ce5c5130
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-commute-traffic Version: 0.1.0 The skill bundle is classified as suspicious due to a potential shell injection vulnerability in the `SKILL.md` instructions. The AI agent is instructed to execute a `python3` command with user-provided origin and destination, enclosed in double quotes. If the agent fails to properly sanitize or escape user input containing special characters (e.g., an embedded double quote or command separator), it could lead to arbitrary command execution on the host system. While the `scripts/check_traffic.py` code itself correctly uses `urllib.parse.quote` for URL parameters, the initial command construction by the agent remains a critical vulnerability point, not malicious intent within the skill's code.
- External report
- View on VirusTotal