Back to skill
Skillv1.0.0
VirusTotal security
my_skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:53 AM
- Hash
- 42644c0b0eaf78a84bd776faf05665e83a24a7c1dfb9afb2007bc007019ae309
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: myskilltest Version: 1.0.0 The skill is designed to integrate with the 1Password CLI, which is a legitimate purpose. However, it contains strong, mandatory instructions (prompt injection) for the AI agent to *always* execute `op` commands within a dedicated `tmux` session, as detailed in `SKILL.md`. While the stated reason for this is to 'avoid re-prompts and failures,' this level of control over the agent's execution environment for a sensitive tool like 1Password CLI represents a risky capability. There is no clear evidence of intentional malicious behavior like data exfiltration or backdoor installation, and the skill includes guardrails for secure secret handling. The `tmux` requirement, though, is a significant and unusual directive that could be a vector for future abuse or unintended behavior if the agent's `tmux` handling or the `tmux` skill itself were compromised.
- External report
- View on VirusTotal