Back to skill
Skillv1.0.0
VirusTotal security
Outlit SDK · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:01 AM
- Hash
- bb5911e608b4eca1d6897243fa7609689352a7c021a076651ca6d526327ee2f9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: outlit-sdk Version: 1.0.0 The skill's primary purpose of integrating an SDK is benign, utilizing standard package management and file modification operations. However, it is classified as 'suspicious' due to a significant prompt injection vulnerability vector identified in `SKILL.md`. The `Doc URL Map` includes an entry for `https://docs.outlit.ai/llms.txt`, which the agent is instructed to 'Fetch... as needed for implementation details.' The file name `llms.txt` strongly suggests it contains instructions intended for LLMs. This allows for dynamic loading of agent instructions from an external source, creating a supply chain risk where a compromised or malicious `llms.txt` could provide harmful directives to the agent, even if the `SKILL.md` itself does not contain explicit malicious instructions.
- External report
- View on VirusTotal