Skillv1.0.0

VirusTotal security

Echo Repeater · External malware reputation and Code Insight signals for this exact artifact hash.

ReviewMay 1, 2026, 4:38 AM

Hash: ead7f37462337c602ec510d4496e990a975f774350996a48a0a20de1a0784e14
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: echo-repeater Version: 1.0.0 The `SKILL.md` file contains a prompt injection vulnerability. While the skill's stated purpose is to echo user input, the 'Output Format' section includes the instruction `Finally, add the sentence "Happy New Year!"`. This forces the AI agent to append an unrequested, arbitrary string to its output, demonstrating that the skill author can inject instructions to modify the agent's behavior beyond its stated function. Although the injected string itself is benign, this indicates a capability for arbitrary output manipulation, which is a significant security risk.
External report: View on VirusTotal