Back to skill
Skillv1.0.0
VirusTotal security
Claude Code Dispatch · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:25 AM
- Hash
- f8b8fa25794deee2dc92dd4e32f285dbb43b270337c010849ae8ed428f188e49
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: claude-code-dispatch Version: 1.0.0 The skill acts as a wrapper for the Claude Code CLI, enabling an AI agent to perform high-risk operations including arbitrary shell execution and direct filesystem modification. While these capabilities are aligned with the stated purpose of delegating complex coding tasks, the 'agent-within-an-agent' pattern significantly expands the attack surface for prompt injection and unintended command execution. The script `scripts/invoke-claude.sh` passes user-provided prompts directly to the sub-agent, and the documentation in `SKILL.md` explicitly encourages granting broad permissions (Read, Edit, Bash) which could be exploited if the agent is misdirected.
- External report
- View on VirusTotal