Skill v1.0.0
VirusTotal security
Evidence URL Verifier · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · May 1, 2026, 5:00 AM
- Hash: 76b47783c1918e59913310167c11ef59a304e818bdc101c289e7d12b200ea6ba
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: evidence-url-verifier; Version: 1.0.0. The skill is designed to verify URLs and local artifact paths, which inherently requires network access (`Invoke-WebRequest`) and local file system access (`Test-Path`, `Get-Item`). While these actions align with the stated purpose, the direct use of `$url` and `$artifactPath` parameters in the PowerShell commands within SKILL.md, without explicit input sanitization, creates a significant vulnerability risk. An AI agent executing this skill could be susceptible to prompt injection, leading it to perform Server-Side Request Forgery (SSRF) by verifying malicious URLs or to disclose information about sensitive local files (e.g., existence/size of `/etc/passwd`, `~/.ssh/id_rsa`) if tricked into checking arbitrary paths. There is no evidence of intentional data exfiltration or other malicious behavior, but the potential for exploitation classifies it as suspicious.
