Skill v0.1.0
VirusTotal security
Maylo Voice Assistant · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review · May 1, 2026, 5:02 AM
- Hash: 0c9dc100ee47ab9da54bb0da4517a3248b4ab4e76e608eb50dd65aab00b9a461
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: maylo-voice-assistant; Version: 0.1.0. The skill is classified as suspicious due to a significant prompt injection vulnerability. User-transcribed speech is directly passed as the `--message` argument to a local OpenClaw agent instance (`openclaw agent --local --message <text>`) by `assets/app/bridge/milo_responder_openclaw.py`, with the input originating from `assets/app/maylo_assistant/core.py`. This allows user input to potentially manipulate the local AI agent's behavior. Additionally, the skill executes various system commands like `brew install switchaudio-osx` in `scripts/install.sh`, `openssl req` in `scripts/run_web_https.sh`, and `say` in `assets/app/maylo_assistant/core.py`, which, while plausibly for functionality, represent broad system access. No evidence of intentional data exfiltration, backdoor installation, or other malicious activities was found.
