Back to skill
Skillv2.0.1
VirusTotal security
Diy Pc Ingest · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:38 AM
- Hash
- 60a8a657b4c84f5abbbe520849296715f9002059e6a54d60674cdddb491ec358
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-skill-diy-pc-ingest Version: 2.0.1 The skill is designed to ingest PC parts data into Notion databases, which is a legitimate purpose. However, the `SKILL.md` explicitly instructs the AI agent to use `web_search/web_fetch` for data enrichment. While the stated intent is benign, this capability allows the agent to make arbitrary external network requests, which presents a significant vulnerability for prompt injection or data exfiltration if the agent is compromised or given a malicious prompt. The underlying Python and Node.js scripts (`scripts/notion_apply_records.py`, `scripts/notion_apply_records.js`) are otherwise clean, interacting only with the legitimate Notion API and local configuration files, and do not show signs of intentional malice or unauthorized actions beyond their stated purpose.
- External report
- View on VirusTotal