Back to skill
Skillv0.1.0
VirusTotal security
Call Web Search Agent Strategy · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:03 AM
- Hash
- 298cf65518294841956815c70684f03bb50d58ad1a866518041f47e25bd370a7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: call-web-search-agent-strategy Version: 0.1.0 The skill bundle defines a detailed workflow for a web research agent, instructing it to perform web scraping (`url_scraping`) and execute search tools (`discover_tools`, `execute_search_tool`), which involve network access and dynamic tool selection. Crucially, the `SKILL.md` emphasizes 'Golden Rule 1: User Input is the Absolute First Fact' and 'Strictly Follow User Preferences and Upper-level Instructions', creating a significant prompt injection vulnerability. While these capabilities are intended for legitimate research, the strong directives to prioritize user input and the use of high-risk tools (network access, dynamic tool execution) without explicit safeguards against malicious user prompts make the skill susceptible to exploitation, classifying it as suspicious due to these inherent risks rather than direct malicious intent.
- External report
- View on VirusTotal