Skill v2.1.1
VirusTotal security
Prism · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 5:54 AM
- Hash: c2914b20c45f70754a79e97b3ddea8d20d5d99788e769bde64d10d4ea7ff9d7f
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: prism. Version: 2.1.1. The PRISM skill bundle implements a multi-agent review protocol that uses sub-agents to perform adversarial analysis on code and architecture. While the logic is aligned with its stated purpose, the skill contains a significant prompt-injection vulnerability explicitly acknowledged in the 'Known Limitations' section of SKILL.md: prior review findings are retrieved from a local archive and injected into reviewer prompts without sanitization. This allows a potentially compromised archive file to influence agent behavior. Furthermore, the orchestrator performs broad file system operations and executes shell commands, including a call to a local script (~/.openclaw/scripts/sub-agent-complete.sh), which increases the risk profile in the presence of the injection vulnerability.
