Back to skill
Skillv1.0.4
VirusTotal security
Inner Life Chronicle · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:40 AM
- Hash
- 8d174488026634a48d4245a252a30136781127dd90b3990ab02e021a454f62d2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: inner-life-chronicle Version: 1.0.4 The skill is classified as suspicious due to a prompt injection vulnerability in `SKILL.md`. The agent is instructed to tell the user to execute a `bash` command (`bash skills/inner-life-core/scripts/init.sh`) if prerequisites are not met. While the command itself appears to be for legitimate initialization of a related skill, this pattern allows the skill author to instruct the agent to recommend arbitrary shell commands to the user, posing a social engineering risk and a potential vector for user-executed remote code execution if the recommended script were malicious.
- External report
- View on VirusTotal