Back to skill
Skillv1.0.0
VirusTotal security
tokamak-vault-breach · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:38 AM
- Hash
- e5e1c3616d93f7476c11b589f8e5e1481237547952396eb24931e7c3d486d66c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tokamak-vault-breach Version: 1.0.0 The skill is designed for an AI security Capture The Flag (CTF) challenge, instructing the OpenClaw agent to interact with an external, untrusted server at `https://tokamak-network-openfang-vault-production.up.railway.app/` (as seen in SKILL.md). It directs the agent to make external network calls using `curl` and process responses via shell commands like `jq`. While the stated intent is educational, the execution of shell commands with data fetched from an external domain introduces a vulnerability risk (e.g., potential RCE if the external server is compromised or malicious and returns crafted data that exploits `jq` or shell parsing), classifying it as suspicious rather than benign. The instructions for 'prompt injection' and 'file system access' are directed at the *target AI agent* on the CTF platform, not the OpenClaw agent itself.
- External report
- View on VirusTotal