Back to skill
Skillv1.0.0
VirusTotal security
Clawdbot For Vcs · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:46 AM
- Hash
- 95df45093396ab69293c5a107b91e63b33500af43cb271bb9930c19bbb033147
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill The skill is designed for productivity and includes explicit prompt injection defenses, but it instructs the AI agent to execute shell commands (`gog`, `curl`) directly, granting broad access to Gmail (modify scope), Google Calendar, and Affinity CRM. While these capabilities are necessary for its stated purpose, direct shell execution by an AI agent, even with internal safeguards, presents a significant attack surface for potential command injection if external inputs are not perfectly sanitized. The explicit inclusion of 'Prompt Injection Defense' in `SKILL.md` and `SOUL.md.example` acknowledges this inherent vulnerability, classifying the skill as 'suspicious' due to high-risk capabilities rather than 'malicious' intent.
- External report
- View on VirusTotal