Back to skill
Skillv1.0.0
VirusTotal security
Auto Improve · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:59 AM
- Hash
- 6705205f576b2e8490f5a61f9aa99335afe3242eb9575563b36afea9d1ddd73b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: auto-improve Version: 1.0.0 The skill is classified as suspicious due to a significant prompt injection vulnerability identified in `SKILL.md`. The agent is instructed to load context from and update a file named `.antigravity.md`. This creates a feedback loop where an attacker could potentially inject malicious instructions into the `.antigravity.md` file (e.g., via crafted project names or error messages that get logged) which the agent would then load and execute in subsequent operations. While this presents a critical remote code execution risk, there is no explicit evidence of intentional malicious behavior like data exfiltration or backdoor installation within the provided files, aligning it with a vulnerability rather than intentional malice.
- External report
- View on VirusTotal