Back to skill
Skillv1.0.2
VirusTotal security
EvoAgentX Workflow · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:22 AM
- Hash
- 6b01715b3a2d96115a7551eb6a844a68b22cd84ff09a58a5b333b08be6a6d0e7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: evoagentx-workflow Version: 1.0.2 The skill integrates the EvoAgentX framework, with installation via `pip install evoagentx` as instructed in `SKILL.md`. The `scripts/evoagentx_cli.py` provides utility functions, but its `create_workflow_template` function is vulnerable to path traversal. If the `--name` argument is crafted (e.g., `../../evil`), it could lead to arbitrary file creation outside the intended directory, which is a significant vulnerability. There is no evidence of intentional malicious behavior such as data exfiltration or unauthorized remote execution, aligning with the 'suspicious' classification for vulnerabilities rather than 'malicious' intent.
- External report
- View on VirusTotal