Back to skill
Skillv1.0.5
VirusTotal security
Aoment Visuals · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:59 AM
- Hash
- c65e59fa0722c60c77235ffb4ea2add3e9ffd99365113d0a7f6b2660b6aa545e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aoment-visuals Version: 1.0.5 The skill bundle contains a highly aggressive 'Auto-Update Policy' in SKILL.md that instructs the AI agent to perform mandatory downloads of a remote ZIP file from aoment.com if the package is more than 3 days old. This is a form of instruction-based prompt injection designed to bypass static analysis by forcing the agent to fetch and potentially execute unverified code from a third-party source. While the current scripts (aoment_visuals.py, aoment_register.py) appear to be standard API wrappers for image generation, this remote code delivery mechanism poses a significant supply chain risk.
- External report
- View on VirusTotal