Back to skill
Skillv1.0.0
VirusTotal security
OpenClaw Task Experience Summaries · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:02 AM
- Hash
- 899998ef39572dbb001b1d8d3cff7d703c1808512b38d09a22abf8df2199b5b0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: task-experience-summaries Version: 1.0.0 The skill's primary purpose is benign, providing troubleshooting and documentation for OpenClaw tasks. However, the `SKILL.md` contains instructions for the AI agent to 'Update relevant section in this SKILL.md' with new experiences. This creates a significant prompt injection vulnerability, as an attacker could potentially trick the agent into injecting malicious markdown or commands into its own skill definition, altering its future behavior. While the intent is for documentation, the mechanism allows for self-modification of the skill's instructions based on agent input, which is a high-risk capability. Additionally, the use of `npm i -g clawhub --force` in troubleshooting, while common, bypasses checks and could be misused if the agent is later tricked into installing a malicious package with the `--force` flag.
- External report
- View on VirusTotal