Back to skill
Skillv1.0.1
VirusTotal security
Scribe · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:12 AM
- Hash
- 661c4084638f0b98bbbff5c03b7f0e2932fbc74228af3ffe5b8340a40e1195d1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-scribe Version: 1.0.1 The skill is classified as suspicious due to the use of prompt injection in `scripts/setup-cron.py` to instruct the OpenClaw agent to execute a local script. While this is for the skill's intended self-orchestration and not overtly malicious, it leverages a direct prompt injection vector (`payload.message`) which represents a significant vulnerability if the prompt were to be manipulated. Additionally, `scripts/scribe.py` uses `subprocess.run` with `curl` for external API calls, which, while seemingly handled safely in this instance, is a less robust and potentially risky method compared to dedicated HTTP libraries, contributing to the 'suspicious' classification as a risky capability.
- External report
- View on VirusTotal