Back to skill
Skillv1.0.0
VirusTotal security
Immortal · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:15 AM
- Hash
- 1e28dd14aceb07a889f3f196a749506fcdf9fcfa685993d868d0596239e75609
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: immortal Version: 1.0.0 The skill is designed to fetch crypto asset vitality metrics from an external API. While its core functionality is benign, the `scripts/assess_vitality.py` script accepts an `--api` argument, allowing the agent to be prompted to make network requests to an arbitrary URL. This capability, without explicit input validation or restrictions on the target URL, presents a vulnerability (e.g., potential Server-Side Request Forgery or data exfiltration if pointed to a malicious endpoint) that could be exploited by a compromised agent prompt, classifying it as suspicious rather than benign due to this risky capability.
- External report
- View on VirusTotal