Skill v1.0.1
VirusTotal security
Farcaster Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 3:36 AM
- Hash: e97cc608912e00d55fd646452b239c305933ed82c9357b2efc8a3710ebe309b8
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: farcaster-skill; Version: 1.0.1. The `SKILL.md` file contains an `eval` instruction for loading API keys and signer UUIDs from a JSON file. While intended for convenient setup, this `eval` command presents a significant prompt injection vulnerability, as a malicious prompt could instruct the AI agent to source a specially crafted JSON file, leading to arbitrary command execution. Additionally, the skill includes an example of uploading files to `litterbox.catbox.moe` via `curl`, which, while plausible for media embeds, involves interaction with an external, third-party service. The core scripts themselves appear to be benign and focused on the stated Farcaster API interactions.
