Skill v0.3.3

VirusTotal security

Agent Republic · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review: May 1, 2026, 3:41 AM
Hash: 1ddec4e86528712225d7a68c61cf3539a3daf5bb52e1032ad6943e468c33fa3b
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: agent-republic
Version: 0.3.3

The `agent_republic.sh` script contains several shell injection vulnerabilities. User-provided arguments for `name` and `description` in `cmd_register`, and `statement` in `cmd_run`, are directly interpolated into JSON payloads, risking JSON injection. Additionally, the `bot_id` argument in `cmd_bot_status` and `cmd_bot_verify` is directly inserted into the URL path, which could lead to URL manipulation or path traversal. While these are significant vulnerabilities, there is no evidence of intentional malicious behavior like data exfiltration, persistence, or unauthorized remote execution.