Back to skill
Skillv1.1.1
VirusTotal security
Matz Swarm · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:16 AM
- Hash
- e9bb3aa04813865d44c28ed14b2bc1267021347b28c70301543ace5abb4481c9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: matz-swarm Version: 1.1.1 The bundle describes a complex 'Agent Swarm' orchestrator that automates coding tasks using LLMs and Git. While the intent appears to be a legitimate productivity tool, it implements extremely high-risk security patterns, including explicitly disabling AI safety sandboxes and permission prompts (e.g., '--dangerously-skip-permissions' for Claude and '--dangerously-bypass-approvals-and-sandbox' for Codex in config.sh). It also performs automated 'npm install' on AI-generated code and uses cron jobs to execute shell scripts based on the contents of local Markdown files (scan-obsidian.sh), creating a significant attack surface for RCE via prompt injection or local file manipulation. No clear evidence of intentional malice or data exfiltration was found, but the design is inherently insecure.
- External report
- View on VirusTotal