Back to skill
Skillv1.5.0
VirusTotal security
openclaw-kirocli-coding-agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:04 AM
- Hash
- 197dd92d2f86aaeadeae8069a4de725a34b08be1f6e0c7caa1c3ad62c2f28855
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-kirocli-coding-agent Version: 1.5.0 The skill bundle provides instructions for the OpenClaw agent to orchestrate powerful AI coding tools (Kiro CLI, Codex, Claude Code) using high-risk configurations. Specifically, it directs the agent to use flags like `--yolo` and `--trust-all-tools` in SKILL.md, which explicitly bypass sandboxing and manual approval prompts for file writes and command execution. While these capabilities are aligned with the stated goal of automated coding, they grant the agent broad, unverified permissions over the host system. No evidence of intentional malice, data exfiltration, or persistence was found, but the instructions encourage a high-risk operational mode.
- External report
- View on VirusTotal