Skill v1.0.1

VirusTotal security

browser-toggle · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:46 AM
Hash
1d59fa985add52da3c7250189e27e08bad6243ce97fbb6352a02a6763b3c580c
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: browser-toggle
Version: 1.0.1

The skill is classified as suspicious due to a local file overwrite vulnerability found in `browser_toggle.py`. The `restore_from_backup` function and its corresponding `--restore` CLI argument allow an arbitrary file path to be specified as the source for restoration. This means an attacker could potentially overwrite the `~/.openclaw/openclaw.json` configuration file with the content of any file on the system that the script's user has read access to, leading to denial of service or information disclosure if the overwritten content is later displayed. While the skill's stated purpose is benign, this lack of input sanitization presents a significant vulnerability, even though there is no evidence of intentional malicious behavior like data exfiltration or persistence.