Back to skill
Skillv0.2.0
VirusTotal security
Asana · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:15 AM
- Hash
- 0f38529500fff0083cd7a20c8844e023526b4dd8ae083c56e3a878822b2196bc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: asana-agent-skill Version: 0.2.0 The skill bundle is classified as suspicious due to its inherent high-risk capabilities, specifically file system access and network communication with sensitive credentials. The `scripts/asana.mjs` script can read arbitrary local files (e.g., via `upload-attachment --file <path>`) and upload them to Asana, and it writes configuration files to the user's home directory. While these actions are plausibly needed for the skill's stated purpose of managing Asana, they represent meaningful high-risk behaviors that could be exploited by a malicious prompt to the AI agent, even though the skill's own documentation (SKILL.md, AGENTS.md) does not contain malicious prompt injection instructions or intent.
- External report
- View on VirusTotal