Back to skill
Skillv1.0.0
VirusTotal security
Competitor Analysis Report · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:52 AM
- Hash
- bd4367883dd292167861778b5c91d587a827a2b2f9bb49482109d18e372799e4
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: competitor-analysis-report Version: 1.0.0 The `SKILL.md` instructions are clear, task-oriented, and explicitly state to use 'publicly available information only', showing no direct malicious intent or prompt injection attempts. However, the `allowed-tools` list in `SKILL.md` includes `Bash`, which grants the AI agent shell access. While `Bash` might be plausibly used for file system operations or external tool execution for report generation, its inclusion represents a broad and high-risk permission, making the skill bundle a significant vulnerability surface for potential remote code execution if the agent were to be exploited via a malicious user prompt. This falls under 'risky capabilities without clear malicious intent'.
- External report
- View on VirusTotal