Back to skill
Skillv0.0.2
VirusTotal security
Prediction Bridge Dev · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:49 AM
- Hash
- f6632e6298d9a90a1e66025942fedb35b30b89b124cc5d293c8b300c01875d88
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: prediction-bridge-dev Version: 0.0.2 The skill uses `curl` to interact with an external API, which is expected for its functionality. However, the `SKILL.md` instructs the AI agent to directly embed user input (`<USER_TEXT_OR_X_URL>`) into a JSON payload without explicit sanitization. This creates a potential prompt injection or JSON injection vulnerability (in `SKILL.md`) if the AI agent performs naive string substitution, allowing a malicious user to alter the JSON structure sent to the backend.
- External report
- View on VirusTotal