Back to skill
Skillv1.0.0
VirusTotal security
Agent Autonomy Primitives · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:01 AM
- Hash
- 7104931d355cd12792621275e7079e033c99c9eadf8f4c2d730569d54db29c74
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-autonomy-primitives Version: 1.0.0 The skill bundle provides instructions for an AI agent to manage its tasks and memory using the `clawvault` CLI tool. It instructs the agent to install `clawvault` globally via `npm install -g clawvault` and to execute tasks as part of a 'heartbeat loop'. While the stated purpose is benign (agent autonomy), the instruction to 'Execute it' (referring to a task) and the use of `subprocess.run` in integration examples introduce significant Remote Code Execution (RCE) and potential shell injection vulnerabilities if task content or arguments are not rigorously sanitized. These capabilities, though central to the skill's function, represent high-risk behaviors that could be exploited, warranting a 'suspicious' classification.
- External report
- View on VirusTotal