Back to skill
Skillv1.0.0
VirusTotal security
Percept Voice Commands · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:22 AM
- Hash
- 1f174d0dd623d7663f8eb549a0bd082ef603240c604ac0fd374ef9c96f9437e3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: percept-voice-cmd Version: 1.0.0 The skill is suspicious due to a critical vulnerability described in `SKILL.md`. The documentation explicitly states that for 'General' commands, '[anything]' from the user's voice input will be 'forwarded to OpenClaw CLI for execution.' This instruction to the AI agent creates a severe prompt injection risk, potentially leading to arbitrary command execution (RCE) if the OpenClaw CLI or the underlying system does not adequately sanitize the user-provided input.
- External report
- View on VirusTotal