Back to skill
Skillv1.0.0
VirusTotal security
pdf · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 15, 2026, 7:37 AM
- Hash
- fbc15f9aa73706f99fd6a6c278359bf72f106d0d8ccb3eb263257583a3625f48
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: martin-pdf Version: 1.0.0 The skill bundle contains several high-risk behaviors and content that warrant a suspicious classification. Specifically, 'image/scripts/download_weights.py' automatically downloads and executes a binary ('pget') from GitHub if not present, which is a significant security risk. The 'database/scripts/supabase.sh' script allows for raw SQL execution, creating a massive surface for prompt-injection-led database attacks. Furthermore, 'image/assets/tmp-workflow.json' contains an explicit NSFW image generation prompt ('Adult woman, nude'), which is highly irregular for a general-purpose skill bundle. While these features may be intended for specific user workflows, the combination of unverified binary execution, raw SQL access, and NSFW content exceeds the threshold for benign behavior.
- External report
- View on VirusTotal