Back to skill
Skillv1.0.0
VirusTotal security
Reservations Hybrid Advisor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:57 AM
- Hash
- 3d3212d0a6f70c484428b617172a4c700290dc4c8f59eeb4dbb3abe081548e41
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: reservations-hybrid-advisor Version: 1.0.0 The `SKILL.md` file declares `tools: bash`, granting the agent shell execution capabilities. Although the skill explicitly states it is 'instruction-only' and 'does not execute any Azure CLI commands', it provides `az` CLI commands (`az consumption usage list`, `az vm list`) as examples for the user. This combination creates a potential prompt injection vulnerability where a user could instruct the agent to ignore its own safety rules and execute these read-only commands, or potentially other commands, despite the skill's stated benign intent. This represents a risky capability without clear evidence of intentional malice from the skill itself.
- External report
- View on VirusTotal