Back to skill
Skillv1.0.0
VirusTotal security
Farmos Workforce · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:32 AM
- Hash
- ee2923a399d98670e2f0b37b7bb914791bf82f6bc6b1d3648bf688ebbdb61e6e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: farmos-workforce Version: 1.0.0 The skill is classified as suspicious due to its explicit instructions for the AI agent to execute a local shell script (`~/clawd/scripts/farmos-auth.sh`) and read local files (`~/.clawdbot/farmos-users.json`) as part of its authentication and role mapping process, as detailed in `SKILL.md`. While these actions are for a stated legitimate purpose (authentication and authorization), they grant the agent significant capabilities (shell execution, file system access) that, if exploited through prompt injection or if the referenced scripts/files were compromised, could lead to unauthorized actions or data exposure. The skill also interacts with an internal IP address (http://100.102.77.110:8006), which, while expected for an internal service, adds to the potential attack surface if not strictly controlled.
- External report
- View on VirusTotal