Back to skill
Skillv1.0.0
VirusTotal security
zoho-support-claw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:36 AM
- Hash
- fbf8f505ac5276d4198182d0b044900806cb4a53fdeefddfec3489d0d3a47f5b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: zoho-support-claw Version: 1.0.0 The skill is classified as suspicious due to a potential indirect prompt injection vulnerability in `lib/replyGenerator.js`. Ticket subject, description, and context (derived from other tickets) are directly embedded into the user prompt for the OpenAI API without sanitization. If an attacker can inject malicious instructions into Zoho Desk ticket fields, these could potentially influence the LLM's behavior to generate harmful content or reveal unintended information. While network and file access are consistent with the skill's stated purpose, this specific vulnerability poses a risk.
- External report
- View on VirusTotal