Back to skill
Skillv0.2.1
VirusTotal security
Agent2RSS - AI Content to RSS Feed · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:57 AM
- Hash
- c4c18a0bfdfd6d4e3898b54e218ca40ea26b92deda93ef53e591f05328ce05d8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent2rss Version: 0.2.1 The `scripts/agent2rss.sh` file contains a shell injection vulnerability in the `create_channel` and `update_channel` functions. The `name` and `description` arguments are directly interpolated into a `curl -d` JSON string without proper escaping, allowing an attacker to inject arbitrary `curl` arguments or shell commands if they can control these inputs. This could lead to Remote Code Execution (RCE) on the agent's host. While the `SKILL.md` is transparent and does not contain prompt injection attempts, this critical vulnerability makes the skill suspicious.
- External report
- View on VirusTotal