Back to skill
Skillv1.0.0
VirusTotal security
Agent Workflow Enforcer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:48 AM
- Hash
- 69fdbbc2f78eeb766d446f2f419a54b4417de062d7a23b863e2bf3e221d1875c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: jz-workflow-enforcer Version: 1.0.0 The skill bundle aims to enforce AI agent workflows, which is a benign goal. However, the `SKILL.md` file instructs the AI agent to execute external Python scripts (e.g., `scripts/gate.py`, `scripts/create_style_context.py`, `scripts/detect_learning.py`) with arguments that can originate from user input. While `scripts/gate.py` itself primarily prints output and does not exhibit malicious behavior, it directly incorporates user-provided arguments like `--platform` and `--account` into its output, which could be a vector for prompt injection back into the agent or terminal manipulation if the input is malicious. The reliance on the agent executing external commands with potentially unsanitized user input creates a significant command injection/RCE vulnerability risk, even if no explicit malicious payload is present in the provided files.
- External report
- View on VirusTotal