Back to skill
Skillv1.0.6
VirusTotal security
Inner Life Dream · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:41 AM
- Hash
- da23c08bb5251fc4e648cece4994f0ee726ab7dce7141986071f281a258a3c54
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: inner-life-dream Version: 1.0.6 The skill is classified as suspicious due to a prompt injection vulnerability against the AI agent. The `SKILL.md` instructs the agent to generate content based on a `DREAM_TOPIC` which can be sourced from `data/dream-config.json` or `memory/daily-notes/`. If an attacker gains write access to these files, they could inject malicious prompts, potentially coercing the agent into unintended actions or revealing sensitive information during its 'dreaming' process. While the `scripts/should-dream.sh` script itself shows reasonable sanitization for shell execution, the output `TOPIC` is directly used as input for the AI agent's creative generation, posing a significant prompt injection risk.
- External report
- View on VirusTotal