Back to skill
Skillv1.0.0
VirusTotal security
book_writer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:47 AM
- Hash
- 6bc7e3deb55464bac977a3adcb92e2a6525c48fbd940f776e6b0ab36e3ca499e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: bookwriter Version: 1.0.0 The `SKILL.md` file instructs the AI agent to 'Gather context' by reading 'user-specified directory containing selected literature or reference documents.' While this capability is plausible for the skill's stated purpose of academic writing, it introduces a significant vulnerability risk, such as Local File Inclusion (LFI) or information disclosure, if a malicious user could manipulate the input to read arbitrary file paths (e.g., sensitive system files or user credentials). This represents a potential prompt injection attack surface, but the skill's instructions themselves do not demonstrate malicious intent, only a risky capability.
- External report
- View on VirusTotal