Back to skill
Skillv0.1.0
VirusTotal security
cerbug45 - Encrypted Agent Communication · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:52 AM
- Hash
- cb41b58961debe85043647da07b7dbe25774b472a0340345ebb4108cba5dd9ba
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cerbug45-agent-crypto-message Version: 0.1.0 The skill is classified as suspicious due to critical vulnerabilities, not malicious intent. The `initialize_agent` function in SKILL.md stores the agent's RSA private key unencrypted in `/home/claude/.clawhub/identity.json`, making it vulnerable to theft by any process with local file access. Additionally, the `attach_file` function, also in SKILL.md, can read arbitrary files from the filesystem (via `file_path`) and include their base64-encoded content in messages, posing a data leakage risk if the input path is not properly sanitized or controlled. These flaws allow for potential compromise of agent identity and unauthorized data exfiltration from the local filesystem.
- External report
- View on VirusTotal