Back to skill
Skillv0.1.1
VirusTotal security
NextCloud Deck Tracker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:42 AM
- Hash
- 52d5590db0bcc88385cce939e56fc089bb7c1f9d51972b37bc1a7d656c7105d2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-deck-tracker Version: 0.1.1 The skill provides legitimate task management features for NextCloud Deck, requiring network access and the ability to spawn background processes (`deck monitor`). However, the 'AI Protocol: Complex Descriptions' in both `SKILL.md` and `README.md` instructs the AI agent to use a temporary file method for updating card descriptions. This involves writing arbitrary content to `/tmp/deck_desc_<id>.txt` and then using `$(cat /tmp/deck_desc_<id>.txt)` within a command. This pattern creates a significant prompt injection vulnerability, allowing an attacker to instruct the AI agent to write and execute arbitrary shell commands, leading to potential Remote Code Execution (RCE).
- External report
- View on VirusTotal