Skill v0.1.0
VirusTotal security
Test Gas Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 3:55 AM
- Hash: 687af7760b051b866389627b51788fdb83e428b8c08d8ce0af43eaf293bd90b2
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: test-gas-skill; Version: 0.1.0. The skill is classified as suspicious due to two main factors: the use of Playwright for web scraping in `scripts/gasbuddy_search.py`, which involves launching a headless browser and introduces a significant attack surface and resource consumption, and a potential prompt injection vulnerability in the `README.md`'s cron job example. The `README.md` suggests a cron payload with `"kind": "systemEvent"` and a `"text"` field containing a direct `Run: python3 ...` command. While the command itself is benign and part of the skill's intended function, this pattern could be exploited if the OpenClaw agent executes arbitrary commands from `systemEvent` text without proper sanitization or validation, representing a vulnerability rather than direct malicious intent.
