Back to skill
Skillv1.0.0
VirusTotal security
quick-note-tool · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:36 AM
- Hash
- 124873523bda736a353fb6d4e908f46c4a6b991bb33abab53e59c28151136d6a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: quick-note-tool Version: 1.0.0 The skill provides note-taking functionality but contains shell injection vulnerabilities in `scripts/note.sh` due to a lack of input sanitization. Specifically, the `search` and `tag` commands are vulnerable to grep argument injection (e.g., passing flags like '-f' to read other files), and the `delete` command uses unvalidated input in a `sed` range-delete operation, which could be manipulated to delete unintended data. While these appear to be unintentional programming flaws rather than malicious intent, they represent a vulnerability that could be exploited via prompt injection against the AI agent.
- External report
- View on VirusTotal