Back to skill
Skillv1.0.0
VirusTotal security
Agent Vision Scraper · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:09 AM
- Hash
- 5f8f856695abb1b826514448666512ebe986fe8ca57015608e466870fb76725d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-vision-scraper Version: 1.0.0 The skill is classified as suspicious due to two primary security vulnerabilities: 1) The `skill.md` and `README.md` explicitly state that VNC access is enabled on port 5900 without a password, allowing anyone with network access to view and potentially control the browser session, which could expose sensitive data. 2) The `agent-scraper.js` script directly embeds the user-provided instruction (`userInstruction`) into the LLM's prompt (`augmentedInstruction`), creating a significant prompt injection vulnerability. While the skill's stated purpose is legitimate web scraping, these flaws could be exploited by a malicious user or external attacker to compromise data or control the agent.
- External report
- View on VirusTotal