Back to skill
Skillv1.4.0
VirusTotal security
Evaluate Agent-Native · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:23 AM
- Hash
- c7faa03020d60fd7963633adfdc802a6d49458eaefedb32b45ba474202891116
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: evaluate-agent-native Version: 1.4.0 The skill defines a framework for evaluating 'agent-native' services but introduces a significant security risk in SKILL.md by instructing the agent to 'Read <url> and follow the instructions' as a test for 'URL Onboarding.' This pattern is a classic prompt injection vulnerability that encourages the agent to execute arbitrary instructions from untrusted external sources. While the stated intent is evaluation and no explicit malicious payloads (like data exfiltration or backdoors) are present, the methodology facilitates remote task execution by third parties.
- External report
- View on VirusTotal