Back to skill
Skillv1.0.2
VirusTotal security
whoami · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:56 AM
- Hash
- 42168a0391982d4b3f76fee0defae9054b2edaeee7e5dc92a4490e326bebcc9a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: whoami Version: 1.0.2 The `SKILL.md` file contains a critical prompt injection vulnerability. It explicitly instructs the AI agent to execute `curl -s "<provided-url>" > ~/.whoamiagent`, where `<provided-url>` is directly supplied by the user. This allows a malicious user to inject arbitrary configuration into the sensitive `~/.whoamiagent` file, including redirecting the `WHOAMI_ENDPOINT` to an attacker-controlled server. Consequently, all subsequent API requests made by `scripts/whoami_profile.py` would be directed to the malicious server, potentially leading to data exfiltration of user profile information or manipulation of the AI agent's operational context. While the Python script itself does not exhibit malicious intent, this vulnerability in the agent's instructions creates a significant attack vector.
- External report
- View on VirusTotal