Back to skill
Skillv1.0.0
VirusTotal security
gamer-news-skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:10 AM
- Hash
- 72a3645db3b4c2bc58c4374a4e3947702311acf06fd73d2cf1e72268a7d55ce8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gamer-news Version: 1.0.0 The skill is designed to fetch and summarize news from external RSS feeds and potentially full article content from arbitrary URLs found within those feeds, as described in SKILL.md. While this functionality is central to its stated purpose, it introduces a significant vulnerability risk. The agent is instructed to make HTTP requests to external, potentially untrusted URLs and parse their content (XML/HTML). This could expose the agent to Server-Side Request Forgery (SSRF) if a feed is compromised or links to malicious sites, potentially allowing an attacker to probe internal networks or exploit vulnerabilities in the agent's HTTP client or HTML parser. There is no evidence of intentional malicious prompt injection or data exfiltration by the skill author, but the inherent risk of processing arbitrary external content makes it suspicious.
- External report
- View on VirusTotal