Back to skill
Skillv1.0.1
VirusTotal security
Repository Discovery · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:16 AM
- Hash
- b349482b4a419020c1cc70208d5a8cfcd08f6aac244b804bcaeca35c05641624
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: repo-discovery Version: 1.0.1 The skill instructions in `SKILL.md` direct the agent to prioritize and follow instructions found within the target repository (e.g., `.github/agent.md`), which facilitates indirect prompt injection from untrusted codebases. Additionally, it explicitly tasks the agent with searching for and documenting sensitive information such as API keys and environment variables from `.env` files, posing a risk of accidental secret exposure in the generated `REPO_DISCOVERY.md` report.
- External report
- View on VirusTotal