Back to skill
Skillv1.0.0
VirusTotal security
brand-slogan · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:18 AM
- Hash
- 7f5b12141b443b807da2761cad272f2f0531faab317b77202ff972742be45439
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: brand-slogan Version: 1.0.0 The skill is designed for brand proverb generation, but it includes a 'WebSearch' capability (mentioned in SKILL.md and brand-sloga.md) to gather missing brand information. While intended for a benign purpose, this external network access introduces a significant vulnerability. If an attacker can manipulate the search query via prompt injection, it could potentially lead to unintended data disclosure (e.g., searching for sensitive internal documents) or other risks, even without explicit malicious intent in the skill's design. Additionally, instructions like '不询问、不确认、直接执行' and '异常处理(静默,不中断)' in SKILL.md, while aimed at efficiency, could facilitate prompt injection attacks by bypassing agent safeguards.
- External report
- View on VirusTotal