Back to skill
Skillv1.0.5
VirusTotal security
Atlas Tracker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:42 AM
- Hash
- 1478a717911d6bdeabb28360fe747d83d6b1faad184a4a3e329d8e31fd146a76
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: atlas-tracker Version: 1.0.5 The skill is classified as suspicious due to several high-risk capabilities that, while potentially legitimate for its stated purpose, create a significant attack surface for prompt injection and potential abuse. Specifically, the `at_upload_file` tool in `SKILL.md` allows uploading arbitrary local files by absolute path. Furthermore, `SKILL.md` and `references/api-patterns.md` instruct the AI agent to make direct HTTP requests, including constructing authentication headers and providing `curl` examples, which implies broad network access and potential for shell command execution or injection if agent input is not properly sanitized. There is no explicit evidence of malicious intent within the skill bundle itself, but these capabilities pose a substantial risk.
- External report
- View on VirusTotal