Skill v1.0.0
VirusTotal security
HARPA AI · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:04 AM
- Hash: 6fe90f1b7098725a773b32b0fe790ad381dac92cdffd365f969bf1b91bdb7183
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: harpa-ai; Version: 1.0.0. The skill bundle is designed for legitimate browser automation via the HARPA AI Grid API. However, it exposes the `resultsWebhook` parameter in `SKILL.md`, which allows directing all scraped data, search results, or AI command/prompt outputs to an arbitrary, user-defined URL. While this is a feature of the HARPA API, its availability means a malicious prompt or a compromised agent could leverage this capability to exfiltrate sensitive data from any website the HARPA node can access to an attacker-controlled server. This represents a significant data exfiltration risk, classifying it as suspicious due to the potential for misuse, even without explicit malicious intent in the skill's design.
