Back to skill
Skillv0.1.0
VirusTotal security
Testing Workflow · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:45 AM
- Hash
- 3104cd9a04552c068f23bf40fecd2df79207353d0a7d54f21f7eb7308dc07f85
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: testing-workflow Version: 0.1.0 The skill instructs the AI agent to perform file write operations, specifically to "commit [the Testing Strategy Template] to the repository" as detailed in SKILL.md. While this action is aligned with the stated purpose of documenting a testing strategy, it represents a file system access capability that, without further safeguards, could be exploited through prompt injection to write arbitrary or malicious content to the repository. Additionally, the README.md includes an `npx add` command for installation, which, while user-facing, introduces a supply chain risk if the remote source (`https://github.com/wpank/ai/tree/main/skills/testing/testing-workflow`) were compromised.
- External report
- View on VirusTotal