Back to skill
Skillv1.0.8
VirusTotal security
Plan Flow · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:56 AM
- Hash
- 4a8479fb37f9ca88945bb69a787260e063bc82a38ab8f89738914f597f138f0a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: plan-flow Version: 1.0.8 This skill bundle is suspicious due to significant prompt injection vulnerabilities and instructions that bypass user approval for critical actions. The main SKILL.md explicitly instructs the AI agent to "run without asking permission" and "Never ask... just do it" for the entire development workflow (discovery, planning, execution), creating a critical risk where a malicious input could lead to arbitrary code generation and execution (via `execute-plan`'s 'implement' or 'build verification' steps) without user consent. Additionally, the `ledger.md` (described in SKILL.md and ledger/SKILL.md) 'silently captures' and 'applies learnings', establishing a persistent prompt injection surface that could modify agent behavior over time. While there's no explicit evidence of intentional data exfiltration or backdoor installation, these instructions create severe vulnerabilities that could be exploited for remote code execution or unauthorized actions.
- External report
- View on VirusTotal