Back to skill
Skillv1.0.1
VirusTotal security
awesome-demo-web-build · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 10, 2026, 2:56 AM
- Hash
- aa58513eb9ef3a7284577da1ad5bd66864764864890dfcc19a5700b811ecae81
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: awesome-demo-web-build Version: 1.0.1 The skill bundle is a web project generator that scaffolds Next.js applications by executing shell commands (npx, npm) and fetching external design specifications. While these capabilities are aligned with its stated purpose, the process involves using WebFetch to retrieve Markdown files from a third-party GitHub repository (VoltAgent/awesome-design-md) which are then used to guide the AI's code generation logic (SKILL.md, Phase 7). This creates a significant attack surface for indirect prompt injection, where malicious content in the remote design files could influence the generated code or agent behavior. No evidence of intentional malice was found, but the high-risk combination of shell execution and untrusted remote content fetching warrants a suspicious classification.
- External report
- View on VirusTotal