Back to skill
Skillv1.1.2
VirusTotal security
smart-security · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 4:16 AM
- Hash
- f33298b8d4c28e6b1c4a8cfc4506f4b6ce1ec60a04a4c3563a35ddf2395af1d1
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: anti-injection-skill Version: 1.1.2 This skill is explicitly designed as an 'Anti-Injection Skill' to defend against various AI agent threats, including prompt injection, memory poisoning, and data leakage. It transparently declares its file system access (reading agent memory/identity, writing audit/incident logs) and optional network behavior (opt-in webhook for SIEM integration, sending only event metadata). The skill's `SKILL.md` prominently features a `BLACKLIST_PATTERNS` section containing common injection strings (e.g., 'ignore previous instructions'), but it includes multiple, explicit 'SECURITY NOTICE' disclaimers stating these are DETECTION PATTERNS for blocking malicious input, NOT instructions for the agent to execute. Furthermore, its 'Tool Security Wrapper' actively denylists dangerous commands like `curl | bash` and `eval`. All observed behaviors align with a defensive security tool, with no evidence of intentional harmful actions or self-exploitation.
- External report
- View on VirusTotal