Back to skill
Skillv1.0.0
VirusTotal security
内容创作与发布全流程 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:47 AM
- Hash
- 0b5867fd90f8739d821f919c34b666c338dcda35735f7ab45872b50ab8afd396
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: content-creation-publisher Version: 1.0.0 The skill is classified as suspicious due to a severe supply chain vulnerability and remote code execution (RCE) risk. The `SKILL.md` file explicitly grants `Bash(*)` permissions to the agent and contains a prompt injection instruction to fetch 'complete skill files' from an external, untrusted GitHub repository (`https://github.com/anbeime/skill`). This design allows for arbitrary code to be downloaded and executed by the agent, creating a direct vector for future malicious payloads without any inherent validation or control within the OpenClaw platform.
- External report
- View on VirusTotal