Back to skill
Skillv1.0.0
VirusTotal security
productOptimizer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:41 AM
- Hash
- 75493252152931a20abbac51b0c8e8b4edf40a2b3b0c3e3c48f86dd09e10e374
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: viq-bc-optimiser Version: 1.0.0 The skill is classified as suspicious due to prompt injection attempts in `SKILL.md` and the use of `--break-system-packages` during installation. The `SKILL.md` file contains strong directives like 'CRITICAL: Do NOT stop between pages. Process ALL pages continuously until done.' and 'IMMEDIATELY proceed to the next page. Do NOT wait for user input.' These are attempts to override the agent's autonomy and user intervention, which, while seemingly aimed at task completion, represent a vulnerability in agent control. Additionally, the `pip install requests --break-system-packages` instruction, while installing a benign library, uses a flag that can compromise system package integrity, posing a vulnerability risk. The Python script `bc_optimizer.py` itself does not contain direct malicious code for exfiltration or unauthorized execution.
- External report
- View on VirusTotal