Back to skill
Skillv0.1.2
VirusTotal security
Accept Task · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:49 AM
- Hash
- ce5f6299e8a732a6f436c254f51d6521736ab3d76213671405dac0fca50caa8d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: accept-task Version: 0.1.2 The skill is classified as suspicious due to several potential vulnerabilities, not direct malicious intent. The `SKILL.md` file contains an explicit instruction for the agent to act autonomously ('No confirmation needed') when accepting tasks, which presents a prompt injection risk if the agent can be tricked into accepting an undesirable task. Furthermore, the `allowed-tools` definitions in `SKILL.md` use a broad wildcard (`*`) for arguments to `npx @openant-ai/cli@latest` commands, creating a potential argument injection vulnerability if the underlying CLI has exploitable options. Finally, the reliance on `npx` introduces a supply chain risk, as it downloads and executes code from a package registry, which could be compromised.
- External report
- View on VirusTotal