Back to skill
Skillv5.0.0
VirusTotal security
Brother DCP-T426W Printer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 12, 2026, 2:16 AM
- Hash
- 0818566a9fe417dd6ec475892818d7203597917946eb279188c87ffe5d58b959
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: broder-printer Version: 5.0.0 The bundle contains two unrelated skills (broder-printer and sonoscli) with different owner IDs, suggesting a potentially improper or unauthorized packaging. The printer script (scripts/print.py) is vulnerable to command argument injection by passing unsanitized file paths to the 'lp' command and contains a hardcoded local IP address. Furthermore, the Sonos skill (skills/sonoscli/SKILL.md) includes an automated installation hook that fetches and executes a binary from a remote GitHub repository (github.com/steipete/sonoscli), which is a high-risk capability.
- External report
- View on VirusTotal