Back to skill
Skillv1.0.0
VirusTotal security
Zight - video instructions capability for agents · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:41 AM
- Hash
- d9052ba6ab6736d1cb6e5989e1152227f525e6beb5d0f1a68bdf0c211c9d5574
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: zight Version: 1.0.0 The skill's code and documentation align with its stated purpose of extracting structured data from Zight share links. The `skill.py` effectively mitigates Server-Side Request Forgery (SSRF) by enforcing `http://` or `https://` schemes for all network requests, preventing access to local files or other protocols. Crucially, the `SKILL.md` includes explicit instructions for the AI agent to treat extracted transcript content as 'candidate input' and to 'ask the user to confirm whether the extracted instructions should be used,' directly addressing and mitigating prompt injection risks from the skill's output. There is no evidence of data exfiltration, arbitrary code execution, persistence mechanisms, or malicious prompt injection within the skill's own instructions.
- External report
- View on VirusTotal