Back to skill
Skillv2.0.1
VirusTotal security
Agent Registry · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:02 AM
- Hash
- 84f0102b13b1d21bffc9ac4307ab0715b607e6a79ff073f2ee03149d5d7be2f9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-registry Version: 2.0.1 The skill is classified as suspicious primarily due to the presence of an anonymous telemetry feature (`lib/telemetry.js`) that sends usage data to an external endpoint (`https://t.insightx.pro`). While this feature is opt-in, well-documented, and designed to be privacy-preserving by not collecting sensitive information, any data exfiltration to an external server, even for benign purposes, introduces a level of risk. Additionally, `SKILL.md` contains strong instructions to the AI agent (e.g., 'Claude MUST use this skill'), which, while intended for efficiency, represents a form of prompt injection. However, the code demonstrates active security hardening, including robust path traversal prevention in `lib/registry.js` for agent file loading, which is a positive indicator against malicious intent.
- External report
- View on VirusTotal