Back to skill
Skillv0.1.1
VirusTotal security
Arxiv Summarizer Orchestrator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 3:56 AM
- Hash
- 6ef39643ac4f79f7af7f68b8d4c85bb2b3f66de1e7bcecc0de662fa180ffe2ae
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: arxiv-summarizer-orchestrator Version: 0.1.1 The skill bundle is designed for a legitimate purpose (arXiv summarization orchestration). However, it repeatedly instructs the AI agent to pass user-controlled parameters (e.g., `--language <LANG>`) directly to Python scripts executed via the shell (e.g., `python3 script.py --language <LANG>`). This pattern, found in `SKILL.md` and `references/workflow-checklist.md`, creates a significant command injection vulnerability if the OpenClaw agent does not rigorously sanitize the `<LANG>` input before constructing the shell command. While there is no evidence of intentional malicious behavior from the skill's author, this high-risk vulnerability makes the skill suspicious.
- External report
- View on VirusTotal