Back to skill
Skillv1.0.1
VirusTotal security
SAA Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:46 AM
- Hash
- fdf78b7ec8097bf8ec55a85cbc7460fd659382c7032da6a33e77e9ba0e076059
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: saa-agent Version: 1.0.1 The skill is classified as suspicious due to a critical security vulnerability in `saa-agent.py`. The Python script disables SSL certificate verification (`ssl.CERT_NONE`) for WebSocket Secure (WSS) connections, making it vulnerable to Man-in-the-Middle (MITM) attacks. While the skill's primary purpose (image generation) is benign and the `SKILL.md` instructions for the AI agent are generally responsible (e.g., requiring user confirmation for the powerful `--skeleton-key` flag), this SSL vulnerability represents a significant security flaw that could allow an attacker to intercept or tamper with communication, even without explicit malicious intent within the provided code.
- External report
- View on VirusTotal