Skill v0.1.0
VirusTotal security
Clawfeed · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 4:30 AM
- Hash: 4c358cdad2c434924adc34759d21d4cc27b14a227edb926919b3cc9d975704d9
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: clawfeed-2. Version: 0.1.0. The `SKILL.md` file describes a news digest tool that instructs the OpenClaw agent to execute `npm install`, which carries an inherent supply chain risk as the `package.json` is not provided. The skill also exposes a `PUT /api/config` endpoint, allowing configuration updates which could be abused if not properly secured. Additionally, the skill explicitly mentions `templates/digest-prompt.md` for customizing the AI summarization prompt, indicating a potential prompt injection vulnerability against the skill's internal AI if the OpenClaw agent is instructed to modify this file based on untrusted input. These elements represent risky capabilities and vulnerabilities rather than clear malicious intent.
- External report: View on VirusTotal
