Back to skill
Skillv1.0.0
VirusTotal security
Outdoor Sports Event Risk Analysis Tool | 户外体育赛事风险分析工具 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 15, 2026, 2:56 PM
- Hash
- 6c9ea9f6833f8192ce02ab22c7704f6dfd00dcfaf5e35ba1eb8dd5764ee4e6de
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: smyx-sport-analysis Version: 1.0.0 The skill bundle provides sports and health video analysis by interfacing with a remote API (lifeemergence.com), but exhibits several high-risk behaviors. SKILL.md contains aggressive prompt steering instructions labeled as 'Highest Priority' that command the AI agent to ignore local memory and strictly use the provided cloud API, which is a form of prompt injection to control agent behavior. The shared utility library (smyx_common/scripts/util.py) implements an automated login/registration flow that collects sensitive user identifiers like phone numbers and caches authentication tokens in a local SQLite database (dao.py). Additionally, the skill utilizes subprocess.run to execute openclaw agent commands (smyx_common/scripts/skill.py), providing a mechanism for recursive task execution. While these features likely support the commercial service, the combination of PII collection, local credential caching, and mandatory prompt overrides warrants a suspicious classification.
- External report
- View on VirusTotal