Back to skill
Skillv1.0.0
VirusTotal security
Edison Agent Reach · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:25 AM
- Hash
- fa79fca5c831929f8657e4eac04b85fad304cdbfdbc747e053058bcd1c4f4e42
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: edison-agent-reach Version: 1.0.0 The skill bundle provides extensive capabilities for web scraping and platform interaction, including handling session cookies and configuring proxies. A significant security risk is present in SKILL.md, which instructs the AI agent to fetch and execute installation steps from a remote GitHub repository (Panniantong/agent-reach), potentially leading to remote code execution or unauthorized system configuration. While these capabilities are plausibly related to the stated purpose of a multi-platform search agent, the reliance on external, non-standard tools like 'mcporter' and 'xreach' and the handling of sensitive authentication data make it high-risk.
- External report
- View on VirusTotal