Back to skill
Skillv0.1.1
VirusTotal security
Arxiv Batch Reporter · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:00 AM
- Hash
- 1a497c1c6e127126f63a11dce28b022068b1d30038c75a83e9af3a2fc8004504
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: arxiv-batch-reporter Version: 0.1.1 The skill is vulnerable to prompt injection. The `scripts/collect_summaries_bundle.py` script reads content from user-controlled `summary.md` files and `task_meta.json`, then directly embeds this content into `summaries_bundle.md`. According to `SKILL.md`, this bundle is subsequently fed to the AI agent for generating the report template. This allows an attacker to inject malicious instructions into the AI agent by crafting the content of `summary.md` or `task_meta.json` files within the `--base-dir`.
- External report
- View on VirusTotal