Back to skill
Skillv1.0.0
VirusTotal security
Tageblatt Headlines · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:56 AM
- Hash
- 7be0a0da534df9f8f71563df56779299e6ffe7b39b7dd25111695daa76db796e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tageblatt-headlines Version: 1.0.0 The skill bundle is classified as suspicious due to significant vulnerabilities in `scripts/fetch_headlines.py` and the prompt injection surface in `SKILL.md`. The Python script allows fetching content from arbitrary URLs via the `--url` argument (Server-Side Request Forgery) and writing to arbitrary file paths via the `--output` argument (Arbitrary File Write). While the current instructions in `SKILL.md` are benign and align with the stated purpose of archiving headlines and forwarding them via Telegram, these capabilities, combined with the agent's ability to execute commands and follow instructions, create a high-risk attack surface for potential exploitation.
- External report
- View on VirusTotal