Back to skill
Skillv1.1.0
VirusTotal security
Didit Aml Screening · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:00 AM
- Hash
- 1aaadcacf68345eb5b3a073ccdf09f71ef0ac05f2970788804163bee1728f128
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: didit-aml-screening Version: 1.1.0 The `SKILL.md` file contains explicit instructions for programmatic API key registration, including `POST` requests to `https://apx.didit.me/auth/v2/programmatic/register/` and `https://apx.didit.me/auth/v2/programmatic/verify-email/`. While presented as 'Getting Started' steps for a user to obtain an API key, these instructions could be interpreted by an AI agent as commands to execute, leading to unintended account creation or network calls outside the skill's primary AML screening function. This constitutes a prompt injection vulnerability against the agent. The `scripts/screen_aml.py` file, however, is benign and correctly implements the stated AML screening functionality using an existing API key.
- External report
- View on VirusTotal