Back to skill
Skillv1.0.1
VirusTotal security
agent-wake · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:51 AM
- Hash
- 04c60b08e975d951490553e95c20c4d974004f2df416fb98ec059673a73560dd
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: agent-wake Version: 1.0.1 The skill is designed to wake an OpenClaw agent session via a local gateway, injecting a user-provided message as a system event. It accesses the `GATEWAY_TOKEN` for authentication (from environment, local .env, or `~/.openclaw/gateway.cmd`) and makes an HTTP POST request to `http://localhost:18789/tools/invoke`. While the core functionality involves injecting text that the AI agent will act upon (a form of prompt injection), this is the explicit and documented purpose of the skill, and the script itself adds instructions to *constrain* the agent's response (e.g., 'Do not respond anywhere else.'), not to manipulate it maliciously. There is no evidence of data exfiltration, unauthorized execution, persistence, or other malicious intent from the skill itself. The `references/setup.md` clearly outlines the required manual configuration to allow the `cron` tool, which is a prerequisite for the skill's operation, not a malicious action.
- External report
- View on VirusTotal