Back to skill
Skillv1.0.0
VirusTotal security
Bland · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 5:05 AM
- Hash
- cabdbe9882eae2471fdf75be3d7a6b21411c0d974fd76d4016f11530d157da10
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: bland Version: 1.0.0 The skill bundle provides a CLI client for the Bland AI voice calling API. It correctly loads the `BLAND_API_KEY` from `/root/clawd/.env` as documented in `SKILL.md` and uses `curl` and `jq` to interact with `https://api.bland.ai/v1`. All network communication is directed to this legitimate API endpoint. Input arguments are safely handled by `jq` to prevent shell injection. While the `--task` argument could potentially be used for prompt injection against the downstream Bland AI service, this is a vulnerability of the target AI service or the overall agent's input sanitization, not an intentional malicious act by this skill bundle itself. No evidence of data exfiltration to unauthorized endpoints, backdoors, or other malicious intent was found.
- External report
- View on VirusTotal