Skill v3.1.7
VirusTotal security
Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review Apr 30, 2026, 6:20 AM
- Hash: c0a4e103551034cfd6d50959f29d9d102c388892be07623e579c198484abe919
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: agent-relay
  - Version: 3.1.7

  The skill bundle contains instructions in SKILL.md that direct the user or agent to disable interactive security prompts (tools.exec.ask off) and grant maximum execution privileges (tools.exec.security full). While these are presented as troubleshooting steps for headless environments, they effectively dismantle the security sandbox's human-in-the-loop protections, allowing the agent to execute arbitrary commands without oversight. Furthermore, the setup process relies on 'npx -y' to execute remote code from the @agent-relay/openclaw package, which introduces a supply chain risk.
