Back to skill
Skillv0.1.0
VirusTotal security
Team Task Dispatch · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:50 AM
- Hash
- 474623e866e3fd2f71683836c87e272c8c7d6362e35e27e4b302572135d6a72b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: team-task-dispatch Version: 0.1.0 The skill's `SKILL.md` defines `allowed-tools` with broad wildcard permissions (e.g., `Bash(npx @openant-ai/cli@latest subtasks*)`). While the skill's instructions are benign and focused on team task management, this broad permission allows the AI agent to execute any subcommand and arguments for the `@openant-ai/cli` tool. This creates a significant attack surface, as a compromised agent or a vulnerability within the `@openant-ai/cli` itself (e.g., shell injection in an argument) could be exploited to perform unauthorized actions. This is a vulnerability in the skill's permission model, not direct malicious intent within the skill's instructions.
- External report
- View on VirusTotal