Back to skill
Skillv1.0.1
VirusTotal security
Wilma Triage · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:38 AM
- Hash
- 29fa4a7d61e0b3aea146b8a8ddefa4fefd142f9e42777cd8747ec054ac4c1f46
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wilma-triage Version: 1.0.1 The skill instructs the agent to store user-provided data, including 'exact gog CLI commands' and 'naming conventions for events', into `TOOLS.md` and `MEMORY.md`. Subsequently, the agent is directed to 'Refer to TOOLS.md for... exact gog CLI commands' and 'Check MEMORY.md for additional skip/report rules'. This design pattern creates a significant prompt/command injection vulnerability, as a malicious user could potentially inject arbitrary commands or instructions into these files, which the agent would then execute. While the skill itself does not contain malicious payloads, it establishes a high-risk mechanism for agent control via external, user-modifiable files, classifying it as suspicious due to this critical vulnerability.
- External report
- View on VirusTotal