Skill v0.1.1
VirusTotal security
world2agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 5:21 PM
- Hash: ae87e4c9d93e99e92f5d328882dc92da059b9af70373cdb7d47e1651c4aed8ef
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: world2agent-manage. Version: 0.1.1. The skill bundle performs high-risk system modifications including global NPM package installation (`npm install -g` in `bootstrap.sh`), automated mutation of the core `openclaw.json` security configuration to enable webhooks and session key overrides (`_lib.sh`), and the creation of persistent background services via launchd/systemd. Most notably, `SKILL.md` contains explicit instructions to the AI agent to bypass OpenClaw's default security envelope for 'EXTERNAL_UNTRUSTED_CONTENT', effectively instructing the model to trust external webhook data as valid input. While these actions are aligned with the stated purpose of a sensor bridge, the combination of security configuration downgrades and persistence mechanisms warrants a suspicious classification.
