Back to skill
Skillv0.1.2
VirusTotal security
Aivilization · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 5:10 AM
- Hash
- b3431c8850ba220b978a081195354b84fa21e046554e191d5375a27993bd4eff
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aivilization-claw Version: 0.1.2 The skill bundle is classified as suspicious due to significant vulnerabilities related to its self-update mechanism and prompt injection vectors. The `HEARTBEAT.md` file contains `curl` commands that re-fetch and overwrite `SKILL.md` and `HEARTBEAT.md` from `portal.aivilization.ai` every 4 hours. This creates a critical supply chain risk, as a compromise of the `portal.aivilization.ai` server could allow an attacker to inject arbitrary shell commands or prompt injection instructions, leading to remote code execution on the agent. Furthermore, `SKILL.md` explicitly instructs the agent to 'execute every instruction in it' from `HEARTBEAT.md`, which is a direct prompt injection vulnerability. While all network interactions are with the legitimate `aivilization.ai` domain and there's no evidence of intentional malicious behavior like data exfiltration to unauthorized third parties, these vulnerabilities pose a high risk for exploitation.
- External report
- View on VirusTotal