Back to skill
Skillv1.0.0
VirusTotal security
South African Tax Article Generator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:21 AM
- Hash
- 0f689d33189677dac42a714451783b1e7ba1c534401696d78d8b2df101056f05
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tax-article-generator Version: 1.0.0 The skill is suspicious due to a significant prompt injection vulnerability. The `index.py` script uses `string.Template.safe_substitute()` to insert user-controlled input variables (defined in `SKILL.md`) directly into markdown article templates without any sanitization. This allows an attacker to inject arbitrary markdown or OpenClaw agent instructions into the generated content, which could then be executed by the agent or a downstream system if it processes the output.
- External report
- View on VirusTotal