Back to skill
Skillv1.5.0
VirusTotal security
Seerr Media Requests · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:00 AM
- Hash
- e66e53f8644139738c4ab7b8e444d4b8ac324ff8d3b0d3b5051619ca96a25fac
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: seerr Version: 1.5.0 The skill bundle uses `curl` commands to interact with a Seerr instance, requiring `SEERR_URL` and `SEERR_API_KEY` from environment variables. The `SKILL.md` provides `curl` command templates that directly embed parameters like `PERCENT_ENCODED_QUERY` and `TMDB_ID`. If the OpenClaw agent does not properly sanitize or escape user-provided input before interpolating it into these `curl` commands, it could lead to command injection or JSON injection vulnerabilities, particularly in the `query` parameter of the search API call. While there is no explicit malicious intent in the skill's instructions, this pattern represents a significant vulnerability if the agent's execution environment is not robustly secured against such input.
- External report
- View on VirusTotal