360Guard
360guard-skillvetter-upgrade-version · v · by
76.5
Trust Score
0
Trust Tier
danger
Badge
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 0.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 80.0 | 15% |
| Clickfix | 100.0 | 15% |
| Credential | 100.0 | 15% |
| Twostage | 100.0 | 10% |
| Infrastructure | 100.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 8.9 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 0
[HIGH] Shell command execution
(line 45)
• Uses eval() or exec() with external input
[HIGH] Shell command execution
(line 117)
• exec() / eval() any string
[HIGH] Shell command execution
(line 230)
for pattern in "eval(" "exec(" "shell=True" "base64" "subprocess" "importlib" "__import__" "pickle" "yaml.load" "xmlrpc"
[HIGH] Shell command execution
(line 296)
{ pattern: /exec\s*\(/, name: 'exec() execution' },
[MEDIUM] System hosts file modification
(line 64)
• Writes to /etc/hosts
[MEDIUM] System hosts file modification
(line 202)
grep -r "~/.ssh\|~/.aws\|~/.config\|/etc/hosts\|authorized_keys" "$SKILL_PATH" --include="*.sh" --include="*.js" --inclu
[MEDIUM] System hosts file modification
(line 240)
for pattern in "~/.ssh" "~/.aws" "~/.config" "/etc/hosts" "authorized_keys" "keychain" "credentials" ".env"; do
[MEDIUM] Fetching content from non-OpenClaw GitHub repositories
(line 492)
curl -s "https://raw.githubusercontent.com/OWNER/REPO/main/SKILL.md"
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 80
[MEDIUM] Found 1 zero-width characters (possible hidden text)
CLICKFIX — Score: 100
No findings.
INFRASTRUCTURE — Score: 100
No findings.
TWOSTAGE — Score: 100
No findings.
CREDENTIAL — Score: 100
No findings.
TYPOSQUAT — Score: 100
No findings.