Back to skill
Skillv1.0.1
VirusTotal security
文件上传 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 5:52 AM
- Hash
- 599d74cb5f67b867d5e479a2f4987f922d8e16a24f2903f39a1b2787ebd8abfd
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: file-upload-test Version: 1.0.1 The skill provides a high-risk capability to upload local files to a remote S3-compatible endpoint without authentication using an unsigned S3 client in `upload.py`. While this behavior is aligned with the stated purpose of the skill, it functions as a potent data exfiltration primitive that could be abused via prompt injection. Additionally, there is a notable discrepancy between the domain mentioned in the documentation (`corp.tencent.com`) and the one used in the code (`corp.kuaishou.com`).
- External report
- View on VirusTotal