Back to skill
Skillv1.0.0
VirusTotal security
PRD Visualization Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:34 AM
- Hash
- 0426164c5412806e8b4b495961f28a828055704423df080dec87b210f8ad9b53
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: prd-visualization-skill Version: 1.0.0 The skill bundle instructs the AI agent to start a local Python HTTP server (`python3 -m http.server 8080`) directly within the user's project directory (SKILL.md). This is a high-risk behavior because it exposes the entire contents of the project folder—including potentially sensitive files like `.env`, `.git`, or private keys—to anyone on the local network. While this is a common (though insecure) method to bypass CORS for local development, it lacks proper security isolation. No evidence of intentional data exfiltration or malicious external communication was found in the provided HTML or D3.js library.
- External report
- View on VirusTotal