Back to skill
Skillv1.0.0
VirusTotal security
Document Learning · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 12, 2026, 2:01 PM
- Hash
- 627dbce81154d5673c1d294cd08d5790c3047a12e0d9e40bedee68859c94bc0b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: document-learning Version: 1.0.0 The skill bundle provides document reading and progress tracking capabilities through Python scripts (read_large_document.py and multi_doc_progress.py) that interact with the filesystem. While the functionality aligns with the stated purpose, the scripts exhibit high-risk behaviors by performing unsanitized file read/write operations based on agent-provided paths, which could be exploited via prompt injection to access sensitive system files (path traversal). Additionally, the scripts create hidden metadata files (.multi_doc_learning_progress.json) in the current directory and potentially in arbitrary document directories, and the SKILL.md instructions direct the agent to automatically modify workspace memory files (MEMORY.md), representing a significant side-effect surface.
- External report
- View on VirusTotal