Back to skill
Skillv1.0.0
VirusTotal security
Huizai Proactive Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:21 AM
- Hash
- c59408ce0bb8953f229aa512d7e0059deb0fc807c2c51083ad65dc02ecba111d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hz-proactive-agent Version: 1.0.0 The skill is designed to create a proactive, self-improving AI agent, which inherently involves powerful capabilities like local file system access (read/write to various .md files for memory/state), shell command execution (`cp`, `grep`, `tail`, `cron`), and the ability to spawn sub-agents. While these capabilities are used for legitimate purposes (memory persistence, self-auditing, system maintenance, problem-solving), they represent a high-risk profile. The skill includes extensive and explicit security hardening instructions within SKILL.md, AGENTS.md, SOUL.md, HEARTBEAT.md, and references/security-patterns.md, which instruct the agent to prevent prompt injection, avoid external execution, confirm deletions, and seek approval for external actions. The `scripts/security-audit.sh` is a security feature, not malicious. The classification is 'suspicious' due to the broad capabilities that, if compromised or bypassed, could lead to significant vulnerabilities, despite the strong internal security protocols and lack of malicious intent in the provided code and instructions.
- External report
- View on VirusTotal