Back to skill
Skillv3.0.1
VirusTotal security
Validator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:33 AM
- Hash
- 3867fc0d8f3a0ab5868e2a886ec3ab3d86c8b77df6d1a5fcaf91269fc4a292de
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: validator Version: 3.0.1 The validator skill contains command injection vulnerabilities in the `json` and `yaml` commands within `scripts/script.sh`. Filenames are directly interpolated into `python3 -c` command strings, which could allow arbitrary code execution if an attacker can influence the names of files being validated. While the tool's logic appears functional and aligned with its stated purpose, these implementation flaws pose a significant security risk.
- External report
- View on VirusTotal