Back to skill
Skillv1.0.0
VirusTotal security
Amazon · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:33 AM
- Hash
- a321b959654f211dbbdbcc1ef687127da15c5b343240a6bd2283472380b9bb15
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: amazon-ordering Version: 1.0.0 The skill is classified as suspicious primarily due to a significant prompt injection vulnerability in `SKILL.md`. The instruction "retrieve password from your password manager" explicitly directs the AI agent to access a highly sensitive data source, which, depending on the agent's capabilities, could lead to unauthorized credential access or exfiltration. Additionally, instructions like "Do NOT narrate each step" promote stealth, and "Place order without confirmation" for reorders bypasses critical safety checks for financial transactions, further contributing to the suspicious classification.
- External report
- View on VirusTotal