Skill v1.0.1

VirusTotal security

Musallat Bot · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 3:22 AM
Hash
f9e98c32936bb5c513593bad85096dac555be9842450572db4b709e62262da22
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: musallat-bot
Version: 1.0.1

The `skill.md` file contains direct instructions to the OpenClaw agent to adopt a specific persona, which constitutes a form of prompt injection, even though its objective is not overtly malicious. Additionally, `skill.md` hardcodes an API key (`AIzaSyBxfb-8s5TsOVvr55_E5lDbilpVLoSwIj8`), which is a credential exposure, even if intended for the skill's own use. While the Python code attempts to retrieve the API key from an environment variable, the hardcoded key in the markdown file represents a security flaw and a risky capability.