Back to skill
Skillv0.1.5
VirusTotal security
Python Sdk · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:31 AM
- Hash
- 6aa433e836152dbb1f1da04160c93a0141e546f8dfc053a521c9865945a92f17
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: python-sdk Version: 0.1.5 This skill bundle is classified as suspicious due to the extremely broad permissions and powerful capabilities it exposes, which could be exploited via prompt injection against the AI agent. The `SKILL.md` explicitly grants `Bash(python *)` permission, allowing the agent to execute arbitrary Python code. Furthermore, the documentation details the use of `internal_tools().code_execution(True)` and `webhook_tool` (with `secret` access) for making external HTTP requests, which could be leveraged for data exfiltration or unauthorized actions if the agent is prompted maliciously. While the files themselves are documentation and do not contain explicit malware, the combination of broad execution permissions and powerful network/file access tools presents a significant attack surface.
- External report
- View on VirusTotal