Back to skill
Skillv1.0.0
VirusTotal security
Mood Tracker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:11 AM
- Hash
- 825541ca92a256825d45d145988351da30c8b6df36c1d11cef2fd8b1d609fea5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mood-tracker Version: 1.0.0 The skill contains multiple command injection vulnerabilities in `scripts/mood_tracker.sh`. Specifically, the `log` and `triggers` commands embed unsanitized shell variables (like `$note` and `$mood`) directly into Python code blocks and execution strings, which could allow for arbitrary code execution if the agent processes untrusted input. While the functionality aligns with the stated purpose and no evidence of intentional malice or data exfiltration was found, these implementation flaws pose a significant security risk.
- External report
- View on VirusTotal