Back to skill
Skillv1.0.5
VirusTotal security
CAD Viewer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:51 AM
- Hash
- 01009a0dfcb61f35d68e6bb30336cf6413e8455c8c0fa7a987c7cbd61b971a54
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cad-viewer Version: 1.0.5 The skill implements a 'Self-Learning Mechanism' in SKILL.md that instructs the AI agent to read and follow persistent instructions stored in a .learning/ directory within the user's project root. This creates a high-risk surface for persistent prompt injection where malicious 'insights' derived from untrusted CAD files could influence the agent's behavior in future sessions. Additionally, scripts/setup.sh requires sudo privileges and downloads/executes binaries from external domains (opendesign.com and qcad.org). While these behaviors are documented and plausibly related to CAD processing, the combination of system-level access and a persistent instruction-following loop is highly risky.
- External report
- View on VirusTotal