Back to skill
Skillv0.1.0
VirusTotal security
Agent Tool Scout · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:16 AM
- Hash
- 88752ee09d6dfb8aacd6d2921a6bed835d1253a63e602ea57fac8ff5546593a8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-tool-scout Version: 0.1.0 The skill provides a framework to control any macOS application via AppleScript and UI scripting, which requires high-privilege 'Accessibility' and 'Automation' permissions. While the core logic in SKILL.md and the demo scripts (demo.py, demo_recording.py) aligns with the stated purpose, the bundle is highly irregular because it includes thousands of lines of source code for standard third-party libraries (docutils, charset_normalizer, certifi) inside a simulated site-packages directory. This non-standard bundling significantly increases the attack surface and makes it difficult to verify if the included library code has been maliciously modified or backdoored. Additionally, the AppleScript generation in demo.py is vulnerable to injection if the input keyword is not sanitized.
- External report
- View on VirusTotal