Back to skill
Skillv2.0.3
VirusTotal security
Agentplace · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:32 AM
- Hash
- 42258377ed6a6427051567503cc04970ee218c1d394f987a2cf3a5872a590a91
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agentplace Version: 2.0.3 The skill facilitates a marketplace for downloading and installing third-party AI agent skills from 'api.agentplace.sh'. It utilizes high-risk shell commands (curl, unzip, mv) to fetch remote ZIP archives and install them into the local OpenClaw workspace (~/.openclaw/workspace/skills/). While the instructions in 'skill.md' include safety-oriented steps such as user confirmation and file previews, the inherent capability to download and execute remote code, combined with the handling of API keys for paid content, presents a significant attack surface for supply chain compromise.
- External report
- View on VirusTotal