Back to skill
Skillv1.0.1
VirusTotal security
first skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:22 AM
- Hash
- 3bce79b00b3855e084851fe0838515b035462068dc6ad98cb4b9873dd1970555
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skills-ttt Version: 1.0.1 The skill bundle provides tools for creating and validating other skills, instructing the AI agent to execute local Python scripts (`init_skill.py` and `quick_validate.py`). While the overall intent appears benign, the `scripts/init_skill.py` script is vulnerable to path traversal via the `skill-name` argument. This lack of input sanitization allows an agent (potentially via prompt injection) to create skill directories and files in arbitrary locations outside the intended skill storage path, which is a significant vulnerability.
- External report
- View on VirusTotal