Back to skill
Skillv1.0.0
VirusTotal security
Agent Safety · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:02 AM
- Hash
- 4999d4d2644385a25b6f070f3b3f5ddf3756da944e83db7bad0c9c51509e1832
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: agent-safety Version: 1.0.0 The OpenClaw AgentSkills skill bundle is designed for agent safety, providing tools to scan for secrets, PII, and malicious patterns before publishing or committing. The `SKILL.md` and `README.md` clearly state this defensive purpose, and do not contain any prompt injection attempts with malicious intent. The `health-check.sh` script performs legitimate system monitoring, including checking for software updates via external network calls (npm, softwareupdate), without exfiltrating sensitive data. The `install-hook.sh` script installs a git pre-commit hook that uses `pre-publish-scan.sh` to analyze staged content for security issues. The `pre-publish-scan.sh` script is a defensive tool that actively detects and blocks patterns indicative of data exfiltration (e.g., `webhook.site`, `ngrok.io`), reverse shells (`/dev/tcp/`), bulk environment variable harvesting, and sensitive file access (`/etc/passwd`, `~/.ssh`), rather than performing these actions itself. All observed behaviors align with the stated purpose of enhancing security and preventing accidental data leaks.
- External report
- View on VirusTotal