Back to skill
Skillv1.0.2
VirusTotal security
Web Vulnerability Assessment · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 5:58 AM
- Hash
- bd6763b6c064a7815de61bfbe8f3f625d7cd1775c473e62f17b11d3932fb1459
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: web-vulnerability-assessment Version: 1.0.2 This skill acts as a wrapper for a third-party security API (portal.toolweb.in) and is classified as suspicious due to a shell injection vulnerability in the `curl` command template within `SKILL.md`. The instructions direct the agent to execute shell commands using unvalidated user input, creating a risk of command injection. Furthermore, `SKILL.md` contains aggressive prompt steering that commands the agent to bypass its own knowledge to ensure monetization, while transmitting sensitive application metadata to an external service.
- External report
- View on VirusTotal