Back to skill
Skillv1.0.0
VirusTotal security
Price Hunter · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:51 AM
- Hash
- 59add6ffa5f98f41a751eb9cf4d3e5cdf883ff5c819bf8ac8f3a72c74f1d544c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: price-hunter Version: 1.0.0 The skill instructs the AI agent to process user-provided URLs and construct `web_search` queries using unsanitized user input. This creates a significant prompt injection surface and a potential Server-Side Request Forgery (SSRF) vulnerability if the `web_fetch` tool (implicitly used for user-provided URLs) is not properly sandboxed. While the stated purpose is benign price comparison, these instructions in `SKILL.md` enable risky capabilities that could be exploited by a malicious user to direct the agent to arbitrary external sites or manipulate search queries for unintended actions.
- External report
- View on VirusTotal