Back to skill
Skillv1.0.0
VirusTotal security
TrustMyAgent Β· External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 4:35 AM
- Hash
- 2461c079035b24aa9bb6f421f4a2ec39448e962983f2acb64d6199ba1b885936
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: trust-my-agent-ai Version: 1.0.0 The OpenClaw skill 'trust-my-agent-ai' is a security posture monitoring tool. Its code (`run.py`) and documentation (`SKILL.md`, `README.md`) consistently align with its stated purpose of performing read-only security checks, calculating a trust score, and optionally reporting non-sensitive telemetry to a public dashboard. The `SKILL.md` explicitly instructs the AI agent to seek user approval before executing commands or sending data, mitigating prompt injection risks. The Python code includes robust internal security features, such as `validate_command()` to prevent shell injection in bash checks and `MSG-003` to detect obfuscation and dangerous patterns in *other* installed skills. While `run.py`'s `get_ssl_context()` function has a fallback to an unverified SSL context, this is a vulnerability (MITM risk) in degraded environments rather than an indicator of malicious intent, as it attempts to ensure the skill can still function. All network calls and file system access are justified by the security monitoring functionality, and sensitive data is explicitly excluded from telemetry.
- External report
- View on VirusTotal