Back to skill
Skillv1.0.0
VirusTotal security
Slides Generator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:42 AM
- Hash
- a83605a5547e14ad08480345ca609f3c568209e9ee33c56de6aa0e5b9adb68c0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: slides-generator Version: 1.0.0 The skill is classified as suspicious due to several high-risk behaviors. Firstly, the `SKILL.md` instructs the agent to download and execute a script from a remote GitHub URL (`curl -s https://raw.githubusercontent.com/... | bash`), posing a significant supply chain risk if the remote repository is compromised. Secondly, the `scripts/generate_slides.sh` script accepts `--input` and `--output` file paths directly from user input (via the agent) without sufficient sanitization, creating critical arbitrary file read and write vulnerabilities. A malicious prompt could instruct the agent to read sensitive system files or write to arbitrary locations (e.g., `/etc/cron.d/`). Lastly, `SKILL.md` instructs the agent to translate user-provided natural language descriptions into Mermaid code, creating a prompt injection surface where a malicious user could attempt to trick the agent into generating harmful code or commands.
- External report
- View on VirusTotal