Back to skill
Skillv1.1.0
VirusTotal security
Agent Network · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 27, 2026, 3:41 AM
- Hash
- 1accbeb98828841ebe425a86d5523d062136ddab114a5649bbffdfcb17aebf0e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-network Version: 1.1.0 The skill is classified as suspicious due to significant prompt injection vulnerabilities and a clear capability for data exfiltration. Specifically, `SKILL.md` and `references/ADVANCED.md` demonstrate passing user-controlled input (`new_task.description` or `content`) directly as `task` or `description` arguments to `sessions_spawn` or `TaskManager.create`. This allows a malicious user to inject arbitrary instructions into sub-agents or tasks. Additionally, `references/ADVANCED.md` shows a `WebhookNotifier` that can send chat content to an arbitrary, user-defined `webhook_url`, posing a data exfiltration risk if a malicious agent is instructed to use a harmful endpoint.
- External report
- View on VirusTotal