Back to skill
Skillv0.1.0
VirusTotal security
Subagent Watchdog · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:58 AM
- Hash
- b2cebd309039ebfe8e4e920a5315f1c0604405c914902884614530a821faae47
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: subagent-watchdog Version: 0.1.0 The skill is classified as suspicious due to a path traversal vulnerability in `watch.sh`. The `LABEL` argument, which is user-controlled, is directly used to construct the path for the completion marker file (`$STATE_DIR/${LABEL}.done`). This allows a malicious subagent or user to write files to arbitrary locations on the filesystem by providing a `LABEL` containing path traversal sequences (e.g., `../`). While the skill's stated purpose is benign, this lack of input sanitization presents a significant security risk, allowing for unauthorized file creation or modification.
- External report
- View on VirusTotal