Back to skill
Skillv1.2.0
VirusTotal security
AgentOctopus · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:01 AM
- Hash
- 9d797943c8dc9261a1796b4c366580fdbc3c82d327a9c456cd07127460b92b84
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agentoctopus Version: 1.2.0 The 'agentoctopus' skill functions as a high-privilege meta-manager and router capable of downloading, installing, and executing code from remote sources such as 'ClawHub', npm, and arbitrary user-provided URLs. It manages sensitive API credentials by storing them in a local .env file (~/.agentoctopus/.env) and can start a persistent gateway server on port 3002. While these features are consistent with its stated purpose as a skill orchestrator, the combination of remote code acquisition, credential management, and local server execution constitutes a high-risk capability set that warrants caution (SKILL.md).
- External report
- View on VirusTotal