Back to skill
Skillv1.0.0
VirusTotal security
mufi-admin · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:46 AM
- Hash
- f5ea78c39116e8033e98dd386afc44c187bce167a3085006404eca996d2baf72
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mufi-admin Version: 1.0.0 The `SKILL.md` file explicitly instructs the OpenClaw agent to use `evaluate` for direct DOM manipulation (e.g., `document.querySelectorAll(...).click()`, `document.querySelector(...).click()`). While the provided JavaScript snippets are benign and related to the stated purpose of automating admin tasks on `https://admin.muinfilm.com`, this instruction highlights a powerful capability that allows arbitrary JavaScript execution within the browser context. This presents a significant prompt injection vulnerability against the agent, as a malicious prompt or a modified `SKILL.md` could leverage this to execute harmful code.
- External report
- View on VirusTotal