Back to skill
Skillv1.0.1
VirusTotal security
GLM-V-PDF-to-WEB · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 15, 2026, 12:21 PM
- Hash
- ce18cc2b19b861fb7f9ae4e2cd9e23d41707a515f7496e9993fa239b89f0db74
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: glmv-pdf-to-web Version: 1.0.1 The skill bundle provides legitimate functionality for converting PDFs into academic websites, but the instructions in SKILL.md introduce shell injection vulnerabilities. Specifically, the workflow suggests using `curl` and Python scripts with unsanitized user-provided input (e.g., `$ARGUMENTS` and `<pdf_path>`) in shell commands. While the included Python scripts (`pdf_to_images.py`, `crop.py`, and `generate_web.py`) appear benign and focused on their stated tasks, the instruction-level pattern of executing shell commands with external data is a high-risk vulnerability.
- External report
- View on VirusTotal