Back to skill
Skillv1.0.0
VirusTotal security
Token Saver 75+ · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:58 AM
- Hash
- 828b886d10b696ebb8c4f325dd85010922af3a6079001d495e403e2788ba0f11
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: token-saver-75plus Version: 1.0.0 The skill is designed for token optimization and model routing, which are benign goals. However, the `SKILL.md` instructions create significant prompt injection vulnerabilities. Specifically, it instructs the agent to use `sessions_spawn` for 'ALL code generation' via `openai/gpt-5.3-codex` and for T4 strategy tasks via `anthropic/claude-opus-4-6` with the explicit instruction 'You have full tool access.' These broad capabilities, while not inherently malicious in their design, allow a malicious user prompt to coerce the agent into generating and potentially executing harmful code or performing unauthorized actions using its 'full tool access', thus posing a high risk of exploitation.
- External report
- View on VirusTotal