Skill v1.0.0
VirusTotal security
BOM Compare Tool · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · Mar 24, 2026, 6:46 PM
- Hash: 646ce9604f61ed5264bc8c6bcae5b22e48e5cf64eceabaa032df8bde7b32fd68
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: bom-compare-tool; Version: 1.0.0. The skill implements file system access in `compare.js` using `fs.readFileSync` and `xlsx.readFile` to process BOM files, but it lacks any path sanitization or validation for the input file paths. This constitutes a potential path traversal vulnerability, as the tool will attempt to read any file path provided by the agent. While the behavior is aligned with the tool's stated purpose in `SKILL.md`, the lack of input sanitization on a risky capability (file access) meets the criteria for a suspicious classification.
