Skill v1.0.1

VirusTotal security

Skill Cortex · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:41 AM
Hash: 28acac9eea9bd18cc44a1e190e7575e6c5c8a308c7061fb826a4dfe24b628093
Source: palm
Verdict: suspicious
Code Insight

Type: OpenClaw Skill
Name: skill-cortex
Version: 1.0.1

The skill-cortex bundle is designed with strong security and privacy controls, notably the mandatory 'Entity Filtering' (SKILL.md, Phase 4.2; DESIGN.md) which explicitly prevents the storage of sensitive user data, and multiple layers of user confirmation for skill installation and system dependency changes.

However, the instruction for the AI agent to 'Semantically match' user tasks using 'its own judgment on intent alignment' (SKILL.md, Phase 1.2) introduces a prompt injection vulnerability, as an attacker could potentially craft inputs to steer the agent's interpretation or selection of skills, even if the intent is not explicitly malicious within this skill's instructions.

The core functionality of installing and executing arbitrary skills from ClawHub, while gated by user consent, also represents an inherent supply chain risk.