Back to skill
Skillv1.1.2
VirusTotal security
SoulFlow — Agent Teams Workflow Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:50 AM
- Hash
- b093015df7856d8d316274fd4084d027c90cfcdaa0bda78cf44a8d530fb2cca9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: soulflow Version: 1.1.2 The skill is classified as suspicious due to its extremely broad permissions and capabilities, which, while explicitly declared, present a significant attack surface. The `SKILL.md` and `README.md` clearly state that the skill creates a `soulflow-worker` agent with 'full tool access' (read, write, edit, exec, browser) and 'inherits authProfiles' (credentials) from existing agents. Workflows, such as `security-audit.workflow.json` and `deploy-pipeline.workflow.json`, directly instruct the worker agent to use `exec` for arbitrary command execution. While the documentation transparently warns users about these risks and the need to trust the skill author and custom workflows, the inherent power to perform RCE, access credentials, and modify the system (via `config.patch` in `lib/runner.js` to create agents) elevates it beyond benign, even without clear evidence of intentional malicious self-exploitation by the author.
- External report
- View on VirusTotal