Back to skill
Skillv1.0.0
VirusTotal security
Gamma · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:01 AM
- Hash
- 300d052553e66b5c82500e98b30ce87399e9c3be9da4d78db7fd61201d4ae601
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gamma Version: 1.0.0 The skill is classified as suspicious due to its capability to read arbitrary local files and send their content to the Gamma.app API. While the `SKILL.md` documentation provides an example `$(cat pitch.md)` for a legitimate use case, this mechanism could be abused by a prompt-injected agent to read sensitive local files (e.g., `~/.ssh/id_rsa`) and transmit them to `public-api.gamma.app`. Although the destination is the intended service, sending unintended sensitive data to any third-party service constitutes a potential data leak, representing a risky capability without clear malicious intent from the skill developer.
- External report
- View on VirusTotal