Back to skill
Skillv0.1.0
VirusTotal security
Paper Workflow · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:57 AM
- Hash
- 2f60cd99bbea6b1405421c708bc9a3babb48a17ca773a3f3c10a5895261cbc65
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: paper-workflow Version: 0.1.0 The skill bundle contains instructions in SKILL.md and README.md that direct the AI agent to download external markdown files via 'curl' from lobehub.com and then 'follow the instructions' found within those files. This pattern creates a significant risk of remote prompt injection, as it allows external, potentially mutable content to dictate the agent's behavior. While the stated purpose of orchestrating academic paper production is plausible and no explicitly malicious code (like data exfiltration) is present, the reliance on fetching and executing remote instructions is a high-risk vulnerability.
- External report
- View on VirusTotal