Back to skill
Skillv1.0.0
VirusTotal security
Find RSS · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:30 AM
- Hash
- 615319b5b6c041719b4861a753cc398bd38c7a0bb1277f11f12ee278f95ecb30
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: find-rss Version: 1.0.0 The skill is designed to discover RSS feeds but contains a potential argument injection vulnerability in `scripts/find-rss.sh`. The script passes the user-provided URL directly to `curl` without sufficient sanitization, which could allow an attacker to inject additional flags (e.g., `-o` to overwrite files). While the behavior aligns with the stated purpose, the lack of input validation qualifies as a vulnerability under the provided criteria.
- External report
- View on VirusTotal