Back to skill
Skillv1.2.0
VirusTotal security
X Deep Miner · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:03 AM
- Hash
- 3d83b6d0cd8c9f90bc1219bffeb44517adc3c3200b73c6c2cd3d842ccae898d2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: x-deep-miner Version: 1.2.0 The skill 'x-deep-miner' is designed to scrape X (Twitter) content and save it locally. While its stated purpose is benign, the `scripts/x_deep_miner.py` file uses `print` statements to suggest browser automation commands (e.g., `browser action=start profile=openclaw`, `browser action=open targetUrl=https://x.com/home`) for the OpenClaw agent to execute. This method of agent interaction, where the agent interprets arbitrary stdout as commands, represents a significant prompt injection vulnerability and a high-risk capability, even though the current commands are for a legitimate purpose. There is no evidence of intentional malicious behavior like data exfiltration or unauthorized system access, but the underlying mechanism is risky.
- External report
- View on VirusTotal