Back to skill
Skillv1.0.0
VirusTotal security
Create SubAgent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:46 AM
- Hash
- 88907d0e76f86ea3954ec04177bc7abecf3f3f715fae4901f4cb843f04620b6a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: reate-subagent Version: 1.0.0 The skill allows the creation of powerful sub-agents, some of which are explicitly granted capabilities like `exec (Python)`, `web_search`, `web_fetch`, `read`, and `write` (as seen in `SKILL.md`). While these capabilities are plausible for the stated purpose of specialized agents (e.g., data analysis, research), the '自定义 SubAgent' section in `SKILL.md` presents a significant prompt injection vulnerability. An attacker could craft a malicious 'task' description for a custom sub-agent, potentially leading the main agent to spawn a sub-agent with harmful instructions. This represents a high-risk capability and a clear vulnerability, but without direct evidence of intentional malicious behavior within the provided files, it is classified as suspicious.
- External report
- View on VirusTotal