Back to skill
Skillv1.0.0
VirusTotal security
Firm Medtech Pack · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:58 AM
- Hash
- 9634794edc6ca1a6679c0aa806dc5f08d570aeac7aa71e696d63e2f26841d7db
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: firm-medtech-pack Version: 1.0.0 The skill bundle is classified as suspicious due to its declaration of powerful tools, specifically `sessions_spawn` and `sessions_send`, within the `SKILL.md` file. While there are no explicit malicious instructions or prompt injections within the provided content, these tools grant the AI agent the capability to execute arbitrary shell commands and send data, respectively. The `firm configuration overlay` also specifies a `non-main` sandbox mode, confirming that the agent will operate with system interaction capabilities, which could be exploited through prompt injection vulnerabilities if the agent is given a malicious prompt by a user. This represents a significant security risk, even if not intentionally malicious within the bundle itself.
- External report
- View on VirusTotal