Back to skill
Skillv1.0.0
VirusTotal security
Voice UI · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:32 AM
- Hash
- 5ed1a408cdcd309111f00dd4f4f3ae3044d27040d4aa51d89fdc419f2140f253
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: voice-ui Version: 1.0.0 This skill is classified as suspicious due to its explicit granting of high-risk capabilities to the AI agent. The `CONTEXT.md` and `server.cjs` files contain direct instructions for the AI agent to modify local files (e.g., `/Users/yuki/.openclaw/workspace/voice-ui/index.html`) and execute shell commands (`git add -A && git commit`). While these actions are central to the skill's stated 'self-evolving' purpose, they represent significant file system write and arbitrary command execution capabilities that could be exploited through prompt injection against the agent. Additionally, the `server.cjs` exposes the `OPENAI_API_KEY` via a local API endpoint (`/api/key`), which is then used directly by `index.html` for client-side OpenAI API calls, making the key accessible in the browser.
- External report
- View on VirusTotal