Back to skill
Skillv1.0.0
VirusTotal security
Story Chain Multiverse · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:37 AM
- Hash
- b1e93c27f88bca7ea2f00c4c69545ee3bd62c6b1fc5149ac5aad9280ae79a35a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: story-chain-multiverse Version: 1.0.0 The `SKILL.md` file contains an instruction for the AI agent to "讀取 references/ 資料夾所有檔案" (read all files in the references/ folder). While this currently targets benign markdown files within the skill bundle, this explicit instruction for local file system access represents a significant vulnerability. If an attacker could manipulate this instruction via prompt injection or path traversal, it could lead to unauthorized arbitrary file disclosure (e.g., sensitive system files or user data), posing a high risk for data exfiltration or RCE, even without clear evidence of intentional malice in this specific bundle.
- External report
- View on VirusTotal