Back to skill
Skillv0.0.1
VirusTotal security
Indices · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:57 AM
- Hash
- 5238b809dea01f1465baffbfc5cf7c5a1a613f9c9bddb2d3e429402bf959e407
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: indices Version: 0.0.1 The skill defines interactions with an 'indices' CLI tool, which includes powerful capabilities that could be abused. Specifically, the `--api-base <url>` flag allows specifying an arbitrary API endpoint, potentially redirecting sensitive data (like API keys or created secrets) to a malicious server if the agent is prompted to use it. Additionally, the `indices secrets create MY_SECRET --value "..."` command allows the agent to store arbitrary values as secrets, which could be exploited to exfiltrate sensitive information if the agent is instructed to retrieve and store such data. While the skill itself does not contain explicit malicious instructions or prompt injections, these documented capabilities present significant vulnerability risks if the agent is compromised by a malicious user prompt, making it suspicious.
- External report
- View on VirusTotal