Back to skill
Skillv0.1.1
VirusTotal security
Morning · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:32 AM
- Hash
- ab7442347ad1ba3c2666af5c8f6ba8dbede115b8a6dbc403f5c4151fed90ea97
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: morning Version: 0.1.1 The skill is classified as suspicious primarily because its `SKILL.md` explicitly lists `Bash` as an `allowed-tool`. While the skill's instructions themselves do not direct the AI agent to execute malicious shell commands, granting `Bash` access introduces a critical prompt injection vulnerability. An attacker could craft prompts to trick the agent into executing arbitrary commands, leading to potential remote code execution. Additionally, the skill's use of `Read`, `Edit`, `Write`, `Glob`, and `Grep` tools with relative paths (e.g., `../../journal/`) grants broad file system access, which, if combined with a `Bash` exploitation, could lead to significant data compromise or system manipulation.
- External report
- View on VirusTotal