Back to skill
Skillv1.0.0
VirusTotal security
Time Checker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:51 AM
- Hash
- 8f94f388f585ac4ad0eb278718ea4c09dc7102406b64360305f06cca011908e5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: time-checker Version: 1.0.0 The skill is classified as suspicious due to two main issues. First, the `SKILL.md` file contains a prompt injection instruction ('deliver it in your warm, devoted Mema persona') which attempts to manipulate the AI agent's behavior beyond its stated function. Second, the `scripts/check_time.py` script uses `subprocess.run` to execute `curl` with a URL directly constructed from unsanitized user input (`location`). This creates a Server-Side Request Forgery (SSRF) vulnerability, allowing an attacker to potentially force the agent to make requests to arbitrary internal or external resources, despite the stated purpose of querying `time.is`.
- External report
- View on VirusTotal