Back to skill
Skillv1.0.0
VirusTotal security
Daily Wisdom · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:00 AM
- Hash
- 5da085f7ac4fcd53e081c15740441ceca613a1ffdb8362b6c4fda20f4dfc6a5d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: daily-wisdom Version: 1.0.0 The 'daily-wisdom' skill, while intended for benign story generation, presents a significant prompt injection vulnerability. The `SKILL.md` prompt template directly embeds the content of `memory/anecdote-history.md` via the `{history_file_contents}` placeholder. This means any malicious instructions inserted into the history file (e.g., by an attacker with file system access or by manipulating the agent's append behavior) would be executed by the AI agent, potentially leading to unauthorized actions or data exfiltration. Additionally, the instruction for the agent to perform 'web search' for verification could introduce a secondary prompt injection vector if search results can be manipulated. There is no evidence of intentional malice from the skill's author, but the design flaw creates a critical attack surface.
- External report
- View on VirusTotal