Back to skill
Skillv1.0.1
VirusTotal security
Workspace Project Standard · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:39 AM
- Hash
- 3b0983d2a435130105bb101b10a6dad19721a0d037d9382592fcc3b999324874
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: workspace-project-standard Version: 1.0.1 The skill is suspicious due to instructions that introduce significant vulnerabilities. It instructs the AI agent to execute a PowerShell script (`scripts/new-project.ps1`) and to directly modify its own configuration files (`AGENTS.md`, `MEMORY.md`) by adding user-provided project names. This creates a high risk of prompt injection, where an attacker could potentially inject malicious commands or paths into the agent's memory or whitelist, leading to unauthorized file system access or altered agent behavior, especially if the `<project-name>` input is not properly sanitized.
- External report
- View on VirusTotal