Skill v3.0.0

VirusTotal security

Unitconv · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review Apr 30, 2026, 6:21 AM
Hash: e74c4192caece7084f8db2e881a225c0b6bbdf700518a332cdbabbc2c33f1078
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: unitconv
Version: 3.0.0

The skill contains a command injection vulnerability in the `calc` function within `scripts/script.sh`. User-provided input (the `<value>` argument) is passed directly into an `awk` command string without sanitization, which could allow an attacker to execute arbitrary shell commands. While the script's logic is consistent with its stated purpose as a unit converter and lacks evidence of intentional malice or data exfiltration, the lack of input validation poses a significant security risk.