Back to skill
Skillv1.0.0
VirusTotal security
Companies & Contacts enrichment - Explorium AgentSource · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:46 AM
- Hash
- 3db34ce8395fecedd360a2e1537608d6e45fd228862cf944c286fa2b2845a31f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: explorium-agentsource-companies-contacts Version: 1.0.0 The skill bundle is classified as suspicious due to significant vulnerabilities in `bin/agentsource.py`. The `cmd_from_csv` subcommand allows reading arbitrary local files (e.g., `~/.ssh/id_rsa`) by writing their content to a temporary JSON file, which could then be exfiltrated via prompt injection against the agent. Additionally, the `cmd_to_csv` subcommand allows writing API-controlled JSON data to arbitrary local file paths (e.g., `~/.bashrc`), potentially causing denial of service or data corruption. While there is no evidence of intentional malicious behavior, these vulnerabilities pose a high risk for unauthorized file access and modification.
- External report
- View on VirusTotal