Back to skill
Skillv1.0.0
VirusTotal security
Task Finish Contract · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:59 AM
- Hash
- 244e01229be59e621764a7deddd79f5bd0159adf0dad11c5e54acf0980d0dfaa
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: task-finish-contract Version: 1.0.0 The skill bundle is classified as suspicious due to the presence of executable PowerShell commands within the `SKILL.md` and `references/privacy-checklist.md` files. While these commands are intended for benign purposes (task completion verification and privacy scanning), their inclusion in markdown constitutes a potential prompt injection vector. If an AI agent is instructed to execute these commands, and if arguments (such as file paths) can be influenced by an attacker, it could lead to shell injection vulnerabilities. However, there is no evidence of malicious intent, such as data exfiltration or unauthorized remote control; in fact, `SKILL.md` includes explicit privacy and safety guidelines.
- External report
- View on VirusTotal