Back to skill
Skillv0.1.0
VirusTotal security
Chief Creative Officer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:03 AM
- Hash
- 1d6e1e09fa96043790fbd12d8006b22290c60ce807bd15e831e8c27db067a2ff
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: chief-creative-officer Version: 0.1.0 The skill is classified as suspicious primarily due to a significant prompt injection vulnerability identified in `SKILL.md`. The `$GET_USER_TEMPLATE$` placeholder allows user-defined preferences to take priority over other system prompts, creating a clear vector for an attacker to inject malicious instructions and potentially override the agent's core mission. Additionally, the agent is granted access to powerful tools like `google_search`, `baidu_search`, and `url_scraping`, which, while intended for legitimate information gathering, could be exploited for unauthorized data reconnaissance or exfiltration if a prompt injection attack is successful.
- External report
- View on VirusTotal