Back to skill
Skillv1.0.0
VirusTotal security
paper-research-assistant · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:04 AM
- Hash
- 8692e14013e63cd91961d8e17bc39a67841ba92872473660a63ef5ecd3970296
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: paper-research-assistant Version: 1.0.0 The skill bundle is classified as suspicious due to the potential for prompt injection against the AI agent. The `parse_paper.py` script extracts text from user-provided PDFs, and `generate_report.py` and `scaffold_code.py` then incorporate this user-derived metadata (e.g., paper title, abstract) into generated Markdown reports and code READMEs. While `scaffold_code.py` attempts some sanitization for file/class names, it does not fully sanitize against arbitrary string injection into generated content. If the OpenClaw agent subsequently reads and acts upon these generated files, malicious content embedded in the original user input could be interpreted as prompt injection commands, posing a significant vulnerability in the overall system's handling of untrusted input and generated output.
- External report
- View on VirusTotal