Skill v0.1.1

VirusTotal security

Clawfy Pro · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:03 AM

Hash: 13b55908a95d1034ec6f0fe4f9c5a2c163acd72002f8d6827d4a3d990eec35c0
Source: palm
Verdict: suspicious

Code Insight

Type: OpenClaw Skill
Name: clawfy-pro
Version: 0.1.1

The skill instructs the AI agent to execute the `clawhub search` CLI command with a query string derived directly from user-provided page context (URL, body text, code blocks) found in `SKILL.md`. While the skill's stated intent is benign (skill discovery), this pattern introduces a potential shell injection vulnerability if the `clawhub` CLI does not robustly sanitize its input. Furthermore, as `SKILL.md` instructions are an attack surface for prompt injection, an attacker could attempt to override the explicit negative constraint "Do not execute install commands" to trick the agent into performing unauthorized actions.