Back to skill
Skillv1.0.0
VirusTotal security
hot-topic-ideator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:39 AM
- Hash
- c56cb117fffefc555f77b07b1f66e6594c0316c18337b456d189c80a8fc9134e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hot-topic-ideator Version: 1.0.0 The skill is classified as suspicious due to several high-risk capabilities and potential vulnerabilities. It instructs the agent to execute an unprovided Python script (`html_to_pdf.py`) from within the skill bundle using `uv run`, which represents arbitrary code execution with unknown content. Additionally, the skill constructs `curl` commands using user-provided keywords (`[KEYWORD_URL_ENCODED]`), creating a potential shell injection vulnerability if the agent fails to properly URL-encode the input. The skill also requires and handles a sensitive `CHATDAM_API_TOKEN` for API calls to `asset.tezign.com`, which, while used for its stated purpose, is a sensitive operation.
- External report
- View on VirusTotal