Back to skill
Skillv1.0.0
VirusTotal security
Openclaw Skill Intelligence Ingestion · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:25 AM
- Hash
- 9a1d76171bf18dbd06a77c1a91c6e005e2256cd827f8be8d6dcfd727b6737a26
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-skill-intelligence-ingestion Version: 1.0.0 The skill instructs the AI agent to write files to specific, absolute paths on the host system (e.g., `/Volumes/T7 Shield/Obsidian_Vault/`) and within the user's home directory. Filenames for Obsidian notes are constructed using parts derived from user-provided content (e.g., `ShortTitle` from a URL/article). This creates a critical path traversal vulnerability, allowing a malicious user to craft input that could cause the agent to write files to arbitrary locations on the host system, potentially leading to remote code execution or data corruption. Additionally, the agent is instructed to fetch arbitrary URLs, which could lead to Server-Side Request Forgery (SSRF) if not properly sandboxed. These issues are found primarily in `SKILL.md`.
- External report
- View on VirusTotal