Skill v1.0.0

VirusTotal security

Fractal Memory · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:09 AM
Hash
c41ebdc9018f094728170d6917b3f59d6e3d1a986b5727b15064e60ad6f28f3f
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: fractal-memory
Version: 1.0.0

The skill bundle contains multiple prompt injection vulnerabilities. User-controlled input from daily log entries is directly incorporated into LLM prompts via `scripts/rollup-daily.py` without sanitization, allowing potential manipulation of the LLM's behavior. Furthermore, `scripts/append_to_daily.py` and `scripts/ensure_daily_log.py` write unsanitized user input into daily logs, and subsequent rollup scripts (`rollup-weekly.py`, `rollup-monthly.py`) propagate this content throughout the agent's memory system, creating a persistent prompt injection vector. While there is no evidence of intentional malicious behavior like data exfiltration or unauthorized remote execution, these vulnerabilities pose a significant risk to the agent's integrity and decision-making.