Back to skill
Skillv1.0.0
VirusTotal security
Agent Team 构建器 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:16 AM
- Hash
- fa452b60feeb88b1077d7f3582a5ddf4ef735bb0dedd53bd0603baa4883a5179
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: claw-team-builder Version: 1.0.0 The skill bundle provides tools to automate the creation and configuration of OpenClaw agents, which involves reading and writing the core configuration file (~/.openclaw/openclaw.json) and executing shell commands via execSync (lib/validator.js). While these high-risk capabilities are aligned with the stated purpose of a 'Team Builder,' the ability to modify system-level configurations and execute shell commands represents a significant attack surface. Additionally, scripts/create-agent.js handles sensitive credentials like appSecret via command-line arguments, which is a security vulnerability.
- External report
- View on VirusTotal