Back to skill
Skillv1.0.0
VirusTotal security
한국 세금/절세 가이드 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:21 AM
- Hash
- dd2d6605b5236b9787619c1b03a550fcee0f25bda87f6d4936e7a5c93a43af93
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tax-guide Version: 1.0.0 The skill is classified as suspicious due to the potential for prompt injection or command injection via the `web_search` tool. In `playbook.md`, the agent is instructed to perform `web_search` queries that include placeholders like `[세목]` and `[연도]`. These placeholders are likely to be filled based on user input, creating a vulnerability where a malicious user could craft input that, when inserted into the search query, could exploit the `web_search` tool itself (e.g., prompt injection against the search API or shell injection if the tool executes commands without proper sanitization). While the stated purpose of the skill is benign, this mechanism introduces a significant security risk.
- External report
- View on VirusTotal