Back to skill
Skillv1.0.0
VirusTotal security
Multica Manager · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 11:51 PM
- Hash
- 5c011ae20d26d83ca889f86a1e2b3e3929994cd9445878670d73e236c118b7b1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: multica-manager Version: 1.0.0 The skill acts as a manager for a multi-agent system using the `multica` CLI and OpenClaw's `sessions_send` function. It is classified as suspicious because the instructions in `SKILL.md` direct the AI agent to construct shell commands using unsanitized user input (e.g., `multica issue create --title "任务标题"`), which presents a high risk of shell injection. While the behavior aligns with the stated purpose of task orchestration and no evidence of intentional malice or data exfiltration was found, the lack of input sanitization in the command-line workflows is a significant vulnerability.
- External report
- View on VirusTotal