Back to skill
Skillv1.0.0
VirusTotal security
Upstream Recon · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 4:07 AM
- Hash
- 88a2e4206e1c6b0f78c2a0846eadda7520edb9a2da7b0e201faa8819d59d72ad
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: upstream-recon Version: 1.0.0 The skill bundle defines a legitimate GitHub reconnaissance task using the `gh` CLI. The `SKILL.md` provides clear instructions for the AI agent on how to gather repository metadata, contributor information, and analyze issues/PRs. There are no instructions for data exfiltration, malicious execution, persistence, or obfuscation. While the use of user-provided arguments (`<owner/repo>`, `[topic-keyword]`) with shell commands (via `gh` CLI) could introduce a shell injection vulnerability if the agent's underlying implementation lacks proper input sanitization, the `SKILL.md` itself does not contain any malicious instructions or prompt injection attempts designed to exploit such a vulnerability or subvert the agent's behavior. The instructions are aligned with the stated purpose and do not exhibit intentional harmful behavior.
- External report
- View on VirusTotal