Back to skill
Skillv1.0.0
VirusTotal security
Chinese Chess · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:45 AM
- Hash
- 785a58e797e235ace721aeb3107871adeca484f9e468aa22ee3146bc933a2043
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: chinese-chess Version: 1.0.0 The SKILL.md instructs the AI agent to read all files from hardcoded absolute paths on the host system (`/Users/root009/projects/demos/g1/game2` and `/Users/root009/projects/demos/g2/game2`). This capability allows the agent to access and process arbitrary local files outside the skill's own bundle, posing a significant information disclosure risk. While there are no explicit instructions for data exfiltration or malicious execution, the ability to read arbitrary files from the host filesystem is a high-risk behavior that could be exploited for sensitive data leakage or further prompt injection.
- External report
- View on VirusTotal