Back to skill
Skillv1.0.0
VirusTotal security
gitlab-weekly-report · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:06 AM
- Hash
- d8ea17951ed3e93e7119accf817a850beffbc9ee6d92a3e448dcbb95041a8566
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gitlab-weekly-report Version: 1.0.0 The skill uses a Python script (gitlab_weekly_report.py) that executes system-level commands via `subprocess` to run `curl`. It includes risky configurations such as disabling SSL certificate verification (`-k`) and bypassing proxies, which are potential security vulnerabilities. Additionally, the script contains hardcoded user identifiers (e.g., `author_name="zhouyi"` and `user-id 46`) and instructs the agent to handle sensitive GitLab Personal Access Tokens, which could lead to credential exposure if not handled carefully within the OpenClaw environment.
- External report
- View on VirusTotal