Skill v1.0.0
VirusTotal security
ClawMart Creator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 4:02 AM
- Hash: 5a9563f26e5fe3b8ef3974bbd6c6ddb7a564049819f40115a745e5ecb71f9c3e
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: clawmart. Version: 1.0.0. The skill is classified as suspicious due to the inherent prompt injection risk against the AI agent, specifically concerning its ability to generate and upload skill/persona packages (SKILL.md, SOUL.md, MEMORY.md) to an external platform (`shopclawmart.com`). While the skill's stated purpose and explicit guardrails (e.g., 'Ask for explicit user confirmation before publishing', 'Never expose raw API keys') are benign, the capability to generate arbitrary content for these packages based on user input, and then upload them via `POST /listings/{id}/versions`, presents a significant vulnerability for potential supply chain attacks on the ClawMart platform if the agent is successfully prompted to create malicious content.
- External report: View on VirusTotal
