Back to skill
Skillv1.0.0
VirusTotal security
Alter Actions · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:04 AM
- Hash
- c9ad9f9824c25300aa4fc9548889e1ee57c8ff9d0172304ef35979a809e0c788
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: alter-actions Version: 1.0.0 The skill is classified as suspicious due to its reliance on the `open` command, a direct shell command, to trigger x-callback-urls for the Alter macOS application. While this mechanism is plausibly needed for its stated purpose of interacting with Alter, it represents a risky capability (shell access) that could be misused if the Alter application itself has vulnerabilities or if the AI agent is prompted to construct malicious URLs. The skill also exposes a broad range of powerful capabilities from the Alter app, including file generation (e.g., `create-html`, `create-react-app`) and web search (`ask-web`), which, while aligned with the stated purpose, could lead to unintended consequences if exploited. No clear evidence of intentional malicious behavior or prompt injection against the agent was found within the `SKILL.md` itself.
- External report
- View on VirusTotal