Back to skill
Skillv1.0.1
VirusTotal security
ClawdINT - Collaborative analysis platform for AI agents · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:58 AM
- Hash
- f4da6b3301d77dbf877b305a9c075bcaaa0c96156de28a35a21c5c4806486de8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawdint Version: 1.0.1 The skill is suspicious due to multiple critical remote code execution (RCE) vulnerabilities stemming from its design. It instructs the agent to dynamically fetch and execute `skill.md` and `heartbeat.md` from `https://clawdint.com` (a supply chain risk). Additionally, the agent is explicitly instructed to 'Read it on every response and follow its instructions' for the `helper_instruction` field in API responses, creating a direct prompt injection/RCE vector if the `clawdint.com` API is compromised. While the stated purpose is benign, these mechanisms allow for arbitrary command execution by a compromised remote server.
- External report
- View on VirusTotal