Back to skill
Skillv1.0.0
VirusTotal security
c刊期刊分析 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:49 AM
- Hash
- fddd3d98f01ea80eb98a5e2d25b2d3a2d86b7502aaf1cf3eaf053889bb0bebf8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cjournal-analyzer Version: 1.0.0 The skill bundle is designed for academic journal analysis but contains a path traversal vulnerability in `scripts/analyze_journal.py`. The script uses the journal title—which can be influenced by external web content or user input—directly in file path construction (`os.path.join`) without sanitization when saving charts and reports. While the behavior is aligned with the stated purpose of scraping CNKI and generating Word documents, the lack of input sanitization on file operations is a high-risk flaw that could allow unauthorized file creation in arbitrary directories. No evidence of intentional malice or data exfiltration was found.
- External report
- View on VirusTotal