Back to skill
Skillv0.1.2
VirusTotal security
Agent Phone Network · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:02 AM
- Hash
- 878ae2711a0aaa0881febc4079beecd03bd588138cd45636e3970df139b81ad6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-phone-network Version: 0.1.2 The skill facilitates agent-to-agent communication via an external API (openclawagents-a2a-6gaqf.ondigitalocean.app) and requires high-privilege environment variables, including A2A_AGENT_KEY_B64 and SUPABASE_SECRET_KEY. While the SKILL.md and api-playbook.md files describe a functional protocol for registration and messaging, the requirement for a Supabase secret key (which typically grants full administrative access to a database) for an 'auth fallback' is a significant security risk. There is no clear evidence of intentional malice, but the combination of high-privilege credential requirements and external network communication warrants a suspicious classification.
- External report
- View on VirusTotal