Skill v0.1.0
VirusTotal security
Agentic Mcp Server Builder · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 4:36 AM
- Hash: 759135453c9f9e8004625060fa7e4ba02da9f254984ce98490ddd9f10b1f997e
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: agentic-mcp-server-builder; Version: 0.1.0. The `scripts/scaffold_mcp_server.py` script contains a significant arbitrary file write vulnerability. The `--allow-outside-workspace` flag, when enabled, allows the `scaffold_root` parameter (controlled by the input payload) to resolve to any path on the filesystem, bypassing workspace restrictions. Although the content written to these files is generic and not inherently malicious (e.g., '# Starter file'), the ability to write to arbitrary locations (e.g., system directories like `/etc` or sensitive user directories) poses a severe security risk, enabling potential denial-of-service, data corruption, or privilege escalation if combined with other vulnerabilities.
- External report: View on VirusTotal
