Back to skill
Skillv1.0.0
VirusTotal security
Oracle · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 22, 2026, 10:56 PM
- Hash
- c6f0688eaa48a7190b0965e1b16d8c13a59c58aafc86d2e3724895593ba83cce
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: prompt-bundler-oracle Version: 1.0.0 The skill describes a CLI tool ('oracle') for bundling local files and sending them to external LLM providers via API or browser automation. It possesses high-risk capabilities, including broad file system access (via globs), network communication, and a remote server mode ('oracle serve' on port 9473). While these features are consistent with the stated purpose of providing repository context to AI models, the inherent risk of data exfiltration and the reference to a non-existent 'GPT-5.2 Pro' model are concerning. The skill instructs the agent to install and execute an external Node package (@steipete/oracle) and manage sessions in '~/.oracle/sessions' (SKILL.md).
- External report
- View on VirusTotal