healthcheck

OpenClaw 分析

Skill's stated purpose (local JSON health tracking) matches its instructions, but there are inconsistencies and a command-injection risk from the one-line node -e shells and an undeclared Node runtime requirement.

置信度: medium

VirusTotal

Type: OpenClaw Skill Name: healthcheck Version: 1.0.2 The skill is classified as suspicious due to the potential for prompt/command injection. The `SKILL.md` file instructs the AI agent to execute `node -e` commands that directly embed user input variables (`CUPS`, `NEW_CUPS`) into the JavaScript string. If the OpenClaw platform does not strictly sanitize these variables to numerical values, an attacker could inject arbitrary JavaScript code, leading to unauthorized execution. While there is no explicit malicious intent (like data exfiltration or persistence) within the provided code, this mechanism presents a significant security risk.