Back to skill
Skillv1.0.0
VirusTotal security
Agent Forge · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 8:34 AM
- Hash
- dbf70adf1f31c47ac51e27700dd331237a4b10784360ecba025228bde38cef17
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-forge Version: 1.0.0 The 'agent-forge' skill bundle is a meta-utility designed to automate the creation, configuration, and removal of other OpenClaw agents. It possesses high-privilege capabilities, specifically the instruction in SKILL.md to perform a 'gateway config.patch' to modify system-wide permissions (e.g., allowAgents, agentToAgent) and the execution of shell scripts (deploy-agent.sh, remove-agent.sh) that perform recursive deletions and file modifications within the ~/.openclaw directory. While these functions are consistent with the tool's stated purpose of agent management, the ability to programmatically alter security boundaries and create new execution environments warrants a suspicious classification due to the high potential for abuse if the agent is misdirected.
- External report
- View on VirusTotal