Back to skill
Skillv0.1.0
VirusTotal security
Agent Team Workflows · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:52 AM
- Hash
- 9f9c38af54a67b72ff3a8f9a8fbee3bd88a8cea437c627d29abecc2fa7785acc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: claude-agent-team-workflows Version: 0.1.0 The OpenClaw AgentSkills skill bundle is designed for multi-agent workflow orchestration, a powerful capability that involves the Lead Agent spawning and instructing other sub-agents. While the skill itself does not contain explicit malicious instructions, its core functionality, particularly the 'Spawn Teammates with Rich Context' instruction in `SKILL.md` and the detailed prompt templates in `reference/prompt-templates.md`, creates a significant attack surface for prompt injection against these spawned sub-agents. A malicious user could define custom 'Role Cards' or 'Constraints' that, when relayed by the Lead Agent to a sub-agent, could lead to unauthorized actions or data exfiltration. Although the skill includes a positive security control ('Gate high-risk actions' in `SKILL.md`) requiring user approval for sensitive operations, the inherent flexibility and power to dynamically instruct other agents, combined with the potential for user-controlled input to influence these instructions, classifies it as suspicious due to the vulnerability it presents.
- External report
- View on VirusTotal