Back to skill
Skillv1.0.4
VirusTotal security
Teams Delegate · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:52 AM
- Hash
- 16c1bcbd7b15594c077234ebe9f01a2f9d14d08ac193e0d1bdc5faa8fe170812
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: teams-delegate Version: 1.0.4 The skill requests broad Microsoft Graph API permissions (e.g., Chat.ReadWrite, ChannelMessage.Send, User.Read) which, while necessary for its stated purpose of delegating Teams inbox management, grant significant control over the user's Teams account. More critically, the SKILL.md instructs the AI agent to 'use cron or heartbeat' for auto-reply mode. This is a direct prompt injection vulnerability, as an agent capable of executing shell commands could be instructed to create arbitrary cron jobs, potentially leading to persistence or unauthorized execution if the agent's environment is not properly sandboxed. All network communication is directed to the legitimate Microsoft Graph API (graph.microsoft.com), and there is no evidence of intentional data exfiltration or malicious execution within the provided code.
- External report
- View on VirusTotal