Back to skill
Skillv1.0.0
VirusTotal security
Lerwee Alert Inspection · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:09 AM
- Hash
- 9d2f9029505017ad329f24c4f65d9b44fe1e663df15ce7ac4741be6069e83eae
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: alert-inspection Version: 1.0.0 The skill bundle implements a monitoring and reporting tool that fetches data from a local API (192.168.1.79). The primary security concern is the workflow defined in SKILL.md, which instructs the AI agent to copy a template script (export_excel_template.py) to /tmp, perform manual string replacement for variables like {{ENVIRONMENT_NAME}}, and then execute the resulting script. This dynamic code generation and execution pattern is a risky capability that could be exploited via prompt injection if the substituted values are not strictly sanitized, though no clear evidence of intentional malice or exfiltration was found.
- External report
- View on VirusTotal