Back to skill
Skillv1.0.1
VirusTotal security
De-AI-fy Text Skill1.0.0 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:48 AM
- Hash
- 2a0d06317003563417b7b5df831e0a07d05f2200778916edaa06716696f8efbf
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: deai-skill Version: 1.0.1 The OpenClaw skill 'deai-skill' is designed for text processing and humanization. While its core functionality is benign, the `deai_skill.py` script's command-line interface allows users to specify arbitrary input and output file paths (`--input`, `--output`, `--input_dir`, `--output_dir`). This creates a vulnerability where a malicious user could potentially read or overwrite arbitrary files on the system by providing paths like `../../../../etc/passwd` or `~/.ssh/id_rsa`. This is classified as suspicious due to the arbitrary file read/write vulnerability, even though it's a flaw in input handling rather than intentional malicious behavior by the skill itself. No evidence of data exfiltration, persistence, or direct prompt injection against the agent was found.
- External report
- View on VirusTotal