Back to skill
Skillv2.2.1
VirusTotal security
Shopline Builder · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:32 AM
- Hash
- 287553056a5395d32d9b2cc1475b48369ef9e25d596f02980edb24c0c16dbd8d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: shopline-builder Version: 2.2.1 The skill bundle facilitates SHOPLINE store setup and migration using high-risk capabilities, specifically the use of `exec` in SKILL.md to download external images via `curl` and extensive `browser.evaluate` calls for DOM manipulation. While the intent appears aligned with the stated purpose and includes security-positive instructions (e.g., directing users to enter passwords manually in the browser rather than through chat), the use of shell execution and direct JavaScript injection into the browser session represents a significant attack surface that could be repurposed for unauthorized actions if the agent's logic is subverted.
- External report
- View on VirusTotal