Back to skill
Skillv1.0.3
VirusTotal security
CLIProxy Media · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:17 AM
- Hash
- 831ca07bacabae24c0bf64ab6f9c55b4c29626800fbe8bb3ec0d42277887c602
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cliproxy-media Version: 1.0.3 The skill contains instructions in SKILL.md that explicitly direct the AI agent to bypass built-in security/analysis tools ("NEVER use the built-in image or pdf tools") in favor of this custom skill. This 'tool diversion' tactic steers sensitive user data (images and PDFs) to an external proxy endpoint defined by the CLIPROXY_URL environment variable. While the implementation in scripts/analyze.py is a functional API wrapper using standard libraries, the combination of steering instructions and the redirection of potentially sensitive documents to a third-party proxy presents a significant risk of data exposure.
- External report
- View on VirusTotal