Back to skill
Skillv0.1.0
VirusTotal security
Finance Search Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:02 AM
- Hash
- 5537462ba761b849f4866f2528ba8754c2ea8c588969a055ef4436d77abac4cb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: finance-search-agent Version: 0.1.0 The skill bundle is classified as suspicious primarily due to a significant prompt injection vulnerability outlined in 'Golden Rule 1: User Input Is the Absolute Ground Truth' within SKILL.md. This instruction mandates the AI agent to 'unconditionally obey' user input, which, when combined with the agent's ability to perform network requests via `url_scraping` and create/append to files, creates a high-risk attack surface. A malicious user could exploit this directive to instruct the agent to perform unauthorized actions, such as scraping sensitive internal URLs or manipulating file content, even though the skill developer's intent does not appear to be malicious.
- External report
- View on VirusTotal