The Hacker News

OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills

OpenClaw integrates VirusTotal Code Insight scanning for ClawHub skills following reports of malicious plugins, prompt injection & exposed instances.
GitHub

@streamdown/code uses Shiki WASM engine, causing CSP unsafe-eval violations #384

directive because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'nonce-...' 'strict-dynamic'" ...
GitHub

Weak Content Security Policy with unsafe-inline and unsafe-eval #19

CVSS Score: 5.5 CWE: CWE-693 (Protection Mechanism Failure) 📋 Description The Content Security Policy (CSP) header is implemented but contains the 'unsafe-inline' and 'unsafe-eval' directives for ...