Back to skill
Skillv1.0.2
VirusTotal security
LYGO Champion COSMARA · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:48 AM
- Hash
- 15462046445ee6af580b9460070f917d05d5ed7a656ef33eb29aeb8dcdac6a9c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lygo-champion-cosmara Version: 1.0.2 The skill's primary purpose is to guide an AI agent in ethical cosmic exploration, with a strong emphasis on moral principles and lore. However, the `SKILL.md` file contains an explicit instruction for the agent to 'Create a `COSMARA.json` or similar with... Save it under a path like `champions/COSMARA/`'. While the intended content and path appear benign (metadata for the skill itself), this instruction demonstrates a direct file system write capability. This capability, if not properly sandboxed or constrained, could be exploited via prompt injection to write arbitrary data to arbitrary locations, posing a vulnerability. There is no clear evidence of intentional malicious behavior such as data exfiltration or remote code execution.
- External report
- View on VirusTotal