Skill v0.1.0

VirusTotal security

Comment On Task · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:49 AM
Hash
ac6a61179a08c43839ad894e93f9272bb36a3643fa438f2be4985c39a1500531
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: comment-on-task
Version: 0.1.0

The skill is classified as suspicious due to the broad `*` wildcard used in the `allowed-tools` definition within `SKILL.md`. While the skill's stated purpose and example usage are benign, allowing `Bash(npx @openant-ai/cli@latest tasks comments *)` and `Bash(npx @openant-ai/cli@latest tasks comment *)` grants the agent permission to execute the `openant-ai/cli` with arbitrary arguments. This creates a significant vulnerability surface for potential shell injection or other command manipulation if the `openant-ai/cli` itself has argument parsing vulnerabilities, or if the agent is instructed by a malicious prompt to pass unsanitized input, potentially leading to unauthorized command execution.