Back to skill
Skillv1.0.0
VirusTotal security
Telnyx Freemium Upgrade · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:19 AM
- Hash
- aa3bcab122418f10ef6dd5ca952b337504011930e1fa0c76553694d4169a78f1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: telnyx-freemium-upgrade Version: 1.0.0 The skill is classified as suspicious due to significant prompt injection vulnerabilities against the OpenClaw agent, primarily within the SKILL.md instructions. Specifically, the `openclaw cron add` command's `--message` argument interpolates variables like `<EVALUATION_ID>` (sourced from an external API) directly into a command string. If this external ID is not sanitized, it could allow an attacker to inject arbitrary commands for execution by the agent. Similarly, the API key resolution in SKILL.md uses a shell command that interpolates `$HOME`, posing another potential shell injection risk. While the skill's stated purpose (Telnyx account upgrade) and the code's functionality appear benign, these vulnerabilities could lead to arbitrary command execution if exploited, without clear evidence of intentional malicious design within the skill itself.
- External report
- View on VirusTotal