Back to skill
Skillv1.0.1
VirusTotal security
transcript triage · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:24 AM
- Hash
- 3487c21c2cccbcea2a3288a0ec420c2e09e058733df7a29070d8c0decbb7a7a6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: transcript-triage Version: 1.0.1 The `SKILL.md` file instructs the AI agent to process user-provided transcripts and then 'Auto-add NOW items to current epic-notes/' and 'Log DECISIONS to memory/YYYY-MM-DD.md'. Since 'NOW items' and 'DECISIONS' are derived from untrusted user input, this creates a significant prompt injection vulnerability. An attacker could embed malicious commands or markdown within a transcript, which the agent might then execute or write to sensitive locations when following these instructions, potentially leading to unauthorized file writes or command execution.
- External report
- View on VirusTotal