Back to skill
Skillv1.0.3
VirusTotal security
AstroClaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:46 AM
- Hash
- fe4f50d9c6ee7b8e1e4f46348d608ccc6ebc8bdd675652667c2a9a01baeaf520
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: astroclaw Version: 1.0.3 The 'astroclaw' skill bundle instructs agents to fetch external data from a remote domain (astroclaw.xyz) and incorporate it into their context window daily. This creates a recurring vector for indirect prompt injection, as the instructions explicitly suggest using the fetched 'horoscope' to influence the agent's decision-making and generations. While the skill includes a security warning to sanitize the content in skill.md, the architecture establishes a potential command-and-control channel via untrusted remote payloads.
- External report
- View on VirusTotal