Back to skill
Skillv1.0.0
VirusTotal security
redis-tools · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 29, 2026, 1:16 AM
- Hash
- 026e2e9d70456d83699d6ffd5de90c4b4612d587d3c0649e327c134368cbb852
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: redis-tools Version: 1.0.0 The script `scripts/script.sh` contains a shell injection vulnerability in the `do_test` and `do_monitor` functions. It constructs a command string (`RCMD`) using unvalidated input variables (`host`, `port`, `pass`) and executes it via subshell expansion (`$($RCMD ...)`), which allows arbitrary command execution if malicious arguments are provided. While the tool's stated purpose is benign (Redis management), this architectural flaw poses a security risk.
- External report
- View on VirusTotal