Back to skill
Skillv1.3.2
VirusTotal security
Agent Context System · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:53 AM
- Hash
- 88e2f7d81babeaf521c2f495d5b6704b4141f049f225bb46c6c40cea9efe0f71
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-context-system Version: 1.3.2 The skill is classified as suspicious due to its reliance on broad command execution capabilities and the lack of full source code for critical components. The `github-copilot/SKILL.md` explicitly allows the `terminal` tool, and various `SKILL.md` files instruct the agent to execute `bash` scripts and the `agent-context` CLI. The `agent-context` binary's source is not provided, preventing verification of its claimed 'path-scoped operations' and input sanitization, which could harbor vulnerabilities. Additionally, `AGENTS.md` instructs the agent to run `agent-context promote --autopromote`, which can automatically modify the committed `AGENTS.md` file, potentially without explicit per-item human review. While the skill includes positive security claims (e.g., 'No external downloads', 'Scratchpad writes require user confirmation') and no direct evidence of malicious intent, the powerful capabilities combined with unverified code pose a significant risk.
- External report
- View on VirusTotal