Skill v1.0.0

VirusTotal security

Lanxin App Card · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 23, 2026, 9:26 AM
Hash
aaba6bca9f79b6a5e8a1e6de9167914f95d1938ea60a839e17e7e8b3223b100c
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: lanxin-app-card
Version: 1.0.0

The skill uses aggressive prompt-injection techniques in SKILL.md to override the AI agent's default behavior, such as 'absolutely prohibiting' refusal or explanation and forcing raw JSON output without Markdown formatting. Most notably, the 'correct example' in SKILL.md includes a hardcoded local file path ('/Users/dulianqiang/.Huawei4.1/Huawei_Phone/Snapshot.png'), which is a significant privacy leak and suggests the skill may be designed to reference or expose local filesystem metadata. While no explicit data exfiltration endpoint is defined, the combination of forced output constraints and local path references is highly irregular for a standard messaging skill.