Back to skill
Skillv1.0.0
VirusTotal security
Design Style · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Apr 29, 2026, 4:40 AM
- Hash
- 49713ac492d81c8dba928081ffb30cc8166a1223993938a8ed5b3ca06b5558df
- Source
- palm
- Code Insight
- Type: OpenClaw Skill Name: design-style Version: 1.0.0 ```json { "classification": "suspicious", "summary": "The skill bundle is classified as suspicious due to a path traversal vulnerability identified in `scripts/list-styles.sh`. The script attempts to access `PROMPTS_DIR="../../../prompts"`, which tries to traverse outside the skill's expected directory structure. While the current usage (`ls`) is benign, this pattern is a security risk that could be exploited for unauthorized file access if the execution context or variables were manipulated. No other clear evidence of malicious intent, such as data exfiltration or prompt injection, was found in `SKILL.md` or the `prompts/*.md` files." } ```
- External report
- View on VirusTotal