Back to skill
Skillv0.1.1
VirusTotal security
Manage Teams · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:49 AM
- Hash
- c4e04efa49a7241b7fecfdcfc79a08132ba89e5460500819984845a84ce39e97
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: manage-teams Version: 0.1.1 The `SKILL.md` file contains an instruction for the agent to execute `npx @openant-ai/cli@latest tasks accept <taskId> --team <teamId> --json`. However, the `allowed-tools` definition in the same `SKILL.md` explicitly restricts the agent to only `npx @openant-ai/cli@latest status*` and `npx @openant-ai/cli@latest teams *`. This mismatch represents a vulnerability where the agent is prompted to attempt an action (`tasks`) that is outside its defined permissions, indicating a potential prompt injection risk against the agent's execution boundaries, even if the platform is expected to prevent the unauthorized command.
- External report
- View on VirusTotal