Back to skill
Skillv0.1.0
VirusTotal security
ResonanceEngine · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:50 AM
- Hash
- a7c3cb9adae63de1f0a4649272a107da44b37abeb5e0306825890532bf6bc0c9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openpaw Version: 0.1.0 The skill is classified as suspicious due to its core design feature: the explicit use of 'prompt injection' to modify the bot's system prompt. The `SKILL.md` instructions and the `TuningRecommendation.to_prompt_injection()` method in `openpaw/models/metrics.py` demonstrate that the skill generates dynamic text intended to be appended to the agent's system prompt. While the generated content (e.g., conversational advice like 'User is at peak resonance — present the offer/solution now.') is not overtly malicious, this design pattern introduces a significant prompt injection vulnerability. A malicious user could potentially craft input that, when analyzed by the skill, causes the generated 'tuning recommendation' to contain harmful instructions for the LLM agent, leading to unintended actions or information disclosure. This represents a risky capability without clear malicious intent within the provided code.
- External report
- View on VirusTotal