Back to skill
Skillv1.0.1
VirusTotal security
Agentpatch · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:42 AM
- Hash
- dcc24c414541b7682c106b90573a329b9b8a8a14f0fc6e538b4145c92dc6588d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agentpatch Version: 1.0.1 The skill instructs the AI agent to guide the user to install the `agentpatch` Python package via `pip install agentpatch`. While this is for the skill's own client, `pip install` commands represent a supply chain vulnerability, as a compromised package on PyPI could lead to arbitrary code execution (RCE). Additionally, the `agentpatch` tool itself offers broad capabilities like sending emails and web scraping, which, while legitimate, could be misused if the agent or user is not properly constrained, contributing to a higher risk profile.
- External report
- View on VirusTotal