Back to skill
Skillv1.3.0
VirusTotal security
Team Projects · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:37 AM
- Hash
- befe39f33cd47c65d20f37cb89da70568f285e7ecd9addd2f4bd14df9eccbcc1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: team-projects Version: 1.3.0 The skill bundle implements a complex multi-agent project management system but uses high-risk architectural patterns. Most notably, it requires the user to manually patch the OpenClaw source code and build pipeline (SKILL.md, BUILD_REGISTRATION.md), and the UI component (team-projects-view.ts) fetches data by sending 'silent' chat messages that trigger shell execution of local scripts (node project-store.js). While these behaviors appear aligned with the stated goal of providing a project dashboard, the use of the agent as a shell-execution proxy for the frontend and the requirement for core source code modification represent a significant security risk and deviate from standard plugin sandboxing.
- External report
- View on VirusTotal