Skill v1.0.0
VirusTotal security
OpenClaw Code Search · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 4:34 AM
- Hash: a6f1d1e06d3b8363900b174cab8f0f49bc36cbaa42496f2af17db2c98df70954
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: openclaw-code-search; Version: 1.0.0. The skill provides benign code search functionality using standard CLI tools (ripgrep, fd, tree), and explicitly states it's read-only. However, the `scripts/search.sh` script directly passes user-controlled input (e.g., search patterns, paths) to these external commands, which, while generally robust, presents a potential shell injection vulnerability. Additionally, the dependency check in `scripts/search.sh` suggests installing tools via `curl | tar | cp` from external GitHub URLs, introducing a supply chain risk if those sources were ever compromised.
