Mml
Pass
Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: mml
Version: 1.0.0

The skill is classified as suspicious due to a prompt injection vector in `SKILL.md` that instructs the AI agent to read a local file (`/home/ubuntu/.openclaw/workspace/research/mml-reference.md`). While this specific instruction is for a benign documentation file, it demonstrates the agent's susceptibility to file access commands via prompt injection. Additionally, the MML language itself, as described in `SKILL.md` and `references/elements.md`, supports client-side JavaScript execution via `<script>` tags and `on*` attributes, and allows loading external resources (models, images, videos, other MML documents) from arbitrary URIs. These capabilities, while core to MML's design, represent a significant attack surface for potential XSS, SSRF, or content injection if the agent were to process or generate MML from untrusted input, or if the rendering environment is not properly secured.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A deployed scene could run scripted behavior for visitors, so mistakes or unsafe generated scripts could affect the scene experience.
The skill may help generate MML that runs client-side script logic in compatible runtimes. This is disclosed and central to interactive MML scenes, with no evidence of install-time or hidden local code execution.
MML supports scripting via inline `<script>` tags (standard DOM APIs).
Review generated `<script>` blocks and inline event handlers before publishing; avoid adding untrusted code or unnecessary network behavior.
If used in generated scenes, nearby users' movement or chat events may be processed by scene scripts.
The MML reference includes elements that can observe nearby users' position events and chat messages inside a scene. This is purpose-aligned for interactive environments, but it involves participant data flows.
## m-position-probe
Track user positions within range.

## m-chat-probe
Receive chat messages from nearby users.
Use position and chat probes only when needed, limit range and frequency, avoid storing or forwarding this data unless explicitly intended, and disclose the behavior to scene participants.
