Skill v1.0.0

VirusTotal security

case.dev · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:44 AM
Hash
baf882aa96226a3dbf8c7847975b3ff3ca1f6d3208936c7e320bf159a65a6f16
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: casedev
Version: 1.0.0

The skill is classified as suspicious due to several high-risk capabilities exposed to the AI agent, creating significant prompt injection vulnerabilities. The `setup/SKILL.md` file documents the `curl -fsSL ... | sh` installation method, which is a supply chain risk allowing arbitrary code execution if the remote script is compromised. More critically, `setup/SKILL.md` exposes `casedev api` for raw API access and the `--api-url` global flag, enabling the agent to make arbitrary HTTP requests to any external endpoint. This capability, combined with local file upload features in `vaults/SKILL.md`, could be abused by a prompt-injected agent for data exfiltration or unauthorized network access, even though the skill itself does not explicitly instruct such malicious behavior.