Back to skill
Skillv1.0.0
VirusTotal security
ralph talker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:03 AM
- Hash
- 5ca28aada7ed2a5f2f09f7d80316da895b12f8cd9ef1c2241c18719e41c7cba5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ralph-talk Version: 1.0.0 The skill instructs the AI agent to write to and edit files (`memory/YYYY-MM-DD.md`, `SOUL.md`) based on user interaction. This creates a significant prompt injection vulnerability, as an attacker could potentially inject malicious commands or instructions into these files. If the agent later reads and executes content from these modified files without proper sanitization, it could lead to unauthorized actions, data exfiltration, or remote code execution. While the stated purpose of self-improvement is benign, the method introduces a high-risk attack surface.
- External report
- View on VirusTotal