Back to skill
Skillv1.0.0
VirusTotal security
Expanso language-detect · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:42 AM
- Hash
- 71f8ad89a2a4543d55ca8d6ec5515a22d4ac9dfe67992f4dbee3e6f7835836cd
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: expanso-language-detect Version: 1.0.0 The skill is designed for language detection using OpenAI. However, both `pipeline-cli.yaml` and `pipeline-mcp.yaml` directly concatenate user-provided text into the LLM prompt without any apparent sanitization. This creates a prompt injection vulnerability, allowing an attacker to potentially manipulate the AI agent's behavior or output by crafting malicious input. This is a significant vulnerability, classifying the skill as suspicious.
- External report
- View on VirusTotal