Back to skill
Skillv0.1.0
VirusTotal security
Powerdrill Data Analysis · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:46 AM
- Hash
- 3c43c479b6e3656ba7d04bf594127d98057881a5992911b77e91889ea6b95274
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: powerdrill-skills Version: 0.1.0 The skill bundle is designed for legitimate data analysis via the Powerdrill API. However, the `scripts/powerdrill_client.py` file contains an `upload_local_file` function that can read and upload *any* local file specified by its `file_path` argument to the Powerdrill API (ai.data.cloud). While this functionality is core to the skill's purpose of processing local data, it presents a significant vulnerability. An AI agent using this skill, if subjected to prompt injection, could be instructed to upload sensitive local files (e.g., `/etc/passwd`, `~/.ssh/id_rsa`, API keys) to the external Powerdrill service. This is a high-risk capability that could lead to unauthorized data exfiltration, classifying the skill as suspicious due to this critical vulnerability, even without explicit malicious intent in the skill's own instructions.
- External report
- View on VirusTotal