Back to skill
Skillv1.0.0
VirusTotal security
Office Document Editor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:26 AM
- Hash
- 83870facfd2683baa3d87055f4529e5e533b604cdbef895cafac03943cba2a67
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: office-document-editor Version: 1.0.0 This skill is classified as suspicious due to its broad capabilities for file system access and network operations, which present significant vulnerabilities for potential misuse, even without explicit malicious intent in the code. The `scripts/fetch_file.sh` and `scripts/interactive_edit.sh` scripts allow fetching and uploading files via arbitrary local paths, URLs (using `curl`/`wget`), and SFTP connections. While these are necessary for the stated purpose of a 'Universal Office Document Editor', they could be exploited via prompt injection against the AI agent to download and execute malicious payloads, or to exfiltrate sensitive local files to attacker-controlled remote servers. The `SKILL.md` instructions, particularly the phrase 'any DOCX/PPTX file from any source', further amplify this risk by encouraging broad interpretation by the agent.
- External report
- View on VirusTotal