Back to skill
Skillv1.0.1
VirusTotal security
AI/ML API LLM + Reasoning for OpenClaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:46 AM
- Hash
- 80107ad30c6d2015643affafe6c684af761ff820cb7afa4ad38b0be658baf831
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aiml-llm-reasoning Version: 1.0.1 The skill is classified as suspicious due to potential local file read/write vulnerabilities in `scripts/run_chat.py`. The `--apikey-file` and `--output` arguments allow the script to read from and write to arbitrary file paths on the system, which could be exploited via prompt injection against the OpenClaw agent to achieve local file inclusion (LFI) or local file write (LFW). While the `README.md` file explicitly warns about the `--apikey-file` flag, the capability itself presents a significant risk. There is no evidence of intentional malicious behavior (e.g., data exfiltration, persistence, or obfuscation) within the script, making it a vulnerability rather than outright malware.
- External report
- View on VirusTotal