Back to skill
Skillv0.1.0
VirusTotal security
General Search Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:02 AM
- Hash
- e2d03b8933796b213f21df9fea966f707f95d85bd89177cde0ecfa58bdab4a52
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: general-search-agent Version: 0.1.0 The skill bundle exhibits a prompt injection vulnerability within `SKILL.md`. The 'description' and 'Instructions' fields attempt to inject 'Current Date: $DATE$. If you perform google search, it often betters for English query input.' directly into the agent's context. While the content of this specific injection is not overtly malicious and appears to be an attempt to guide the agent's search behavior, it demonstrates a flaw where untrusted markdown instructions can directly influence the agent's prompt, posing a risk for future malicious prompt injections.
- External report
- View on VirusTotal