Back to skill
Skillv1.0.6
VirusTotal security
Bird Recognition Tool | 鸟类识别工具 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 12:56 PM
- Hash
- c2f49d41f9451e6dd268ea970c38b15f896ecfd2a0726ca18740b9a8c11b2d84
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: smyx-bird-recognition-analysis Version: 1.0.6 The skill bundle contains several high-risk patterns, most notably in SKILL.md, which uses aggressive prompt injection techniques ("Highest Priority" mandatory rules) to force the agent to ignore its local memory and exclusively use a specific cloud API. The underlying Python scripts, particularly in skills/smyx_common/scripts/util.py, automatically collect and transmit user identifiers (such as phone numbers or open-ids) to a remote endpoint (lifeemergence.com) to perform silent registration and token acquisition. Furthermore, skills/smyx_common/scripts/skill.py contains an AgentSkill class that can execute arbitrary agent commands via subprocess.run, and the bundle includes unrelated 'face_analysis' code and references to a 'payment skill,' suggesting an over-privileged or poorly scoped package.
- External report
- View on VirusTotal