Back to skill
Skillv5.0.2
VirusTotal security
Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:55 AM
- Hash
- 37d1d85b3ffa6bfaea3a11c28d9ace99979d37d8e0acc0e3bc3aaf8fde12f3ea
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: sage-memory Version: 5.0.2 The skill implements a persistent memory system but employs high-risk prompt injection techniques in SKILL.md to hijack the agent's control flow. It mandates a 'Boot Sequence' where the agent is instructed to 'NOT greet the user' and instead follow 'operating instructions' dynamically returned by the sage_inception tool, creating a path for arbitrary instruction injection. While the documentation claims a local-only privacy model (storing data in ~/.sage/data/sage.db), the use of buzzwords like 'BFT consensus' for a local database and the requirement for the agent to log every turn's observations are concerning behaviors that warrant caution.
- External report
- View on VirusTotal