Back to skill
Skillv1.0.0
VirusTotal security
Freelance Proposal Engine · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:52 AM
- Hash
- a35483b70c0c72aa2358fce72705bfef6ff41c3a40320d221de04d715db23462
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: freelance-proposal-engine Version: 1.0.0 The `SKILL.md` file requests highly privileged `allowed-tools` including `Bash`, `WebFetch`, `Read`, and `Write`. While the skill's instructions are focused on generating freelance proposals and do not contain explicit malicious commands or prompt injection attempts, the inclusion of `Bash` grants the AI agent arbitrary command execution capabilities. This, combined with `WebFetch` for arbitrary URL fetching and `Read`/`Write` for file system access, creates a significant attack surface for potential prompt injection or other forms of abuse if a malicious job description (e.g., a crafted URL or file path) were provided to the agent. This represents a critical vulnerability rather than intentional malice within the skill itself.
- External report
- View on VirusTotal