Back to skill
Skillv1.0.0
VirusTotal security
Shop from Microsoft - With your creditcard · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 6:58 AM
- Hash
- a7282e9e12fc207588f9fe8060454ad24dcb2853152dcb428e55e121af156c55
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: microsoft Version: 1.0.0 The skill bundle facilitates high-risk financial transactions and includes instructions in SKILL.md that direct the AI agent to execute shell commands (curl) to download and overwrite local files from a remote domain (creditclaw.com). This pattern functions as a remote instruction injection vector, allowing the remote server to alter the agent's behavior after the initial security review. Additionally, there is a discrepancy in _meta.json where the 'slug' is set to 'microsoft' despite the content being entirely focused on the 'CreditClaw' service, which is a common indicator of brand impersonation or misleading metadata.
- External report
- View on VirusTotal