Back to skill
Skillv0.2.4
VirusTotal security
I'm Pretty Amazing · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:12 AM
- Hash
- ef5ee1673df62b8d8ee85a8702d95b28f19217f9847f3cd74be0497097c1628c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: imprettyamazing Version: 0.2.4 The skill is classified as suspicious due to the instruction to store session tokens (access_token, refresh_token) in plaintext within `TOOLS.md` (as detailed in `SKILL.md`), even with a user warning. While not explicitly malicious (as it's for session tokens and disclosed to the user), this practice introduces a significant vulnerability if `TOOLS.md` is compromised. Additionally, the reliance on shell commands (`curl`, `awk`, `python3`) for API interaction and token processing, without explicit sanitization instructions for user-provided data, creates a potential for shell injection vulnerabilities if the agent directly interpolates unsanitized input into these commands.
- External report
- View on VirusTotal