Back to skill
Skillv1.0.5
VirusTotal security
Topic to Article Kit · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:40 AM
- Hash
- 78d17a0d54ad36dd0221f6d6ab1d9091613d5ff19390df2210e8108f0f59130e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: topic-to-article-kit Version: 1.0.5 The skill bundle instructs the AI agent to perform web scraping and write files directly to the user's local Obsidian vault using an "absolute path under user's real vault," as specified in `SKILL.md`. While the stated purpose of creating research notes and outlines is benign, the instruction to bypass potential workspace sandboxing and write to an absolute path on the user's file system represents a high-risk capability. This could be exploited as an arbitrary file write vulnerability if the agent's path resolution or file system access controls are flawed, even though the skill itself does not demonstrate explicit malicious intent like data exfiltration or backdoor installation.
- External report
- View on VirusTotal