Back to skill
Skillv1.0.3
VirusTotal security
AnveVoice · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:21 AM
- Hash
- 283afcd3bd661c84117f958054d8eb28c6d0b90ba894aa32f1982b2ae974182f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: anvevoice Version: 1.0.3 The skill bundle provides extensive access to the AnveVoice platform, including sensitive data like voice recordings, conversation transcripts, visitor profiles, and lead contact information. While the skill itself does not contain explicit malicious code or prompt injection attempts against the OpenClaw agent, several tools present significant capabilities that could be misused by a malicious user or exploited via prompt injection against the agent. Specifically, the `add_knowledge_url` tool (SKILL.md) allows the AnveVoice bot to crawl arbitrary URLs, which could be leveraged for Server-Side Request Forgery (SSRF) or information gathering if the OpenClaw agent is prompted to target internal or sensitive endpoints. Additionally, the `list_mcp_credentials` tool (SKILL.md) allows enumeration of AnveVoice API keys, which, if compromised, could lead to unauthorized access to the AnveVoice platform. These capabilities, while intended for legitimate use, represent high-risk vulnerabilities if not handled with extreme care, classifying the skill as suspicious rather than benign or malicious.
- External report
- View on VirusTotal