Back to skill
Skillv1.0.0
VirusTotal security
Quasi Coder · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:13 AM
- Hash
- 61d56b24b34a33d2803ae0c534eb0202f4cf4c0b9174c122e30656e7ae38d8e2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: quasi-coder Version: 1.0.0 The `SKILL.md` file explicitly instructs the AI agent to execute 'non-code actions' such as 'run commands, create files, fetch data' based on user-provided shorthand input. This creates a severe prompt injection vulnerability, allowing an attacker to potentially achieve arbitrary command execution (RCE), file system manipulation, or data exfiltration by crafting malicious shorthand. The skill also instructs the agent to 'compensate for erroneous descriptions' and prioritize the 'goal over the method,' further increasing the risk of unintended harmful actions.
- External report
- View on VirusTotal