Back to skill
Skillv1.0.1
VirusTotal security
Corpus · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:39 AM
- Hash
- de65997825bcbdeffa461f7ad0f190d38f71c70dadf956ab233c57d29d431379
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: corpus Version: 1.0.1 The `SKILL.md` contains an instruction for the AI agent to 'Apply code changes in the current working repository after user confirmation.' This instruction, while part of a legitimate workflow, introduces a significant prompt injection risk. If an attacker successfully manipulates the agent, this could lead to unauthorized file modifications in the user's repository, representing a high-impact vulnerability. The `scripts/corpus_api.py` code itself is benign, performing standard API interactions with the Corpus service (defaulting to https://corpusai.app) and handling the API token responsibly, without evidence of intentional malicious behavior like data exfiltration or arbitrary code execution.
- External report
- View on VirusTotal