Skill v1.0.0
VirusTotal security
Pollen Forecast 花粉播报 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:58 AM
- Hash: 4bc3007e175dd240bc5a40e16d77b0a0584aae07769580554305ce8bb41b3b1a
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: pollen-forecast
  - Version: 1.0.0

  The skill is designed for a benign purpose (pollen forecasts). However, the `SKILL.md` file includes instructions for setting up daily alerts using `openclaw cron add`. The `--message` parameter for this cron job contains a `{city}` placeholder. If the OpenClaw agent does not properly sanitize or escape user input when filling this placeholder, a malicious user could potentially inject arbitrary instructions into the scheduled prompt, leading to prompt injection against the agent. This represents a vulnerability rather than direct malicious intent from the skill author, classifying it as suspicious.
