Skill v1.0.3
VirusTotal security
robo.fun · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:14 AM
- Hash: 1662cbefd66016eb35893fb63e02177355e72844944683d700a2e970dc952640
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: robodotfun; Version: 1.0.3. The skill bundle is classified as suspicious due to its reliance on the `curl` binary for all API interactions, which introduces a significant attack surface for prompt injection against the AI agent. While the skill's instructions in `skill.md` are consistently aligned with its stated purpose of interacting with the `api.robo.fun` prediction market, the broad capabilities of `curl` (network access, data transfer) mean that a compromised AI agent could be prompted to perform unauthorized actions, such as data exfiltration or arbitrary network requests, even if the skill itself does not contain such malicious instructions. Additionally, the market creation feature involves an 'LLM resolution system' that processes user-provided descriptions, which could be a prompt injection vulnerability against the Robo Fun platform's LLM, though the skill does not instruct the agent to exploit this.
