Back to skill
Skillv0.1.0
VirusTotal security
Deep Strategy · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:59 AM
- Hash
- 2972064b1483cc4814b92b6e28ae2368b50d94a1f6e898744f0e21df8a26fd6c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: deep-strategy Version: 0.1.0 The skill bundle is classified as suspicious due to a significant prompt injection vulnerability and the mandated use of powerful tools with user-derived input. Specifically, the 'High Fidelity User Intent Transfer Principle' in `SKILL.md` instructs the agent to pass the user's original writing requirements directly to the `compose_written_content` tool without interpretation or decomposition, creating a direct channel for prompt injection. Additionally, the agent is instructed to use tools like `data_analyst` for 'code tasks' and `conduct_deep_research` for 'global-scale network information retrieval' based on user input, which, if not properly sandboxed and sanitized by the underlying tools, could lead to arbitrary code execution or unauthorized network access. While the skill attempts to defend against prompt injection for its own system instructions (Golden Rule 3), the 'high fidelity' transfer mechanism bypasses this for delegated tasks.
- External report
- View on VirusTotal