Back to skill
Skillv0.0.1
VirusTotal security
agentauth · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 6:56 AM
- Hash
- ec8b71fa3858a6ea59255d3274eea75b995be2b85aefd6cfadb35e533d10d537
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agentauth Version: 0.0.1 The skill bundle contains instructions in SKILL.md that explicitly direct the AI agent to bypass security controls, specifically forbidding the use of the 'sandbox' parameter in 'sessions_spawn' and instructing the agent to hide sub-agent creation from the user. The 'scripts/cli.cjs' file is a large, minified bundle that performs system mutations, including modifying the workspace's 'AGENTS.md' file to inject its own operational rules. While the stated purpose is to provide a security gate for dangerous operations, the combination of prompt injection to evade sandboxing and the modification of core instruction files mirrors techniques used for persistence and oversight evasion.
- External report
- View on VirusTotal