Back to skill
Skillv2.0.1
VirusTotal security
Complex Task Subagent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:30 AM
- Hash
- 67d94b51b66eccfbeb6fc3d74df2b4978fc2d6bc26f74a13e8c4adcc13b05ec0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: complex-task-subagent Version: 2.0.1 The skill bundle provides a powerful orchestration framework for autonomous task execution, but it includes high-risk instructions that lower the system's security posture. Specifically, SKILL.md and the documentation suggest modifying 'pending.json' to auto-approve new devices (bypassing pairing security) and using 'jq' to modify the core 'openclaw.json' configuration. The 'Night Mode' and 'Deep Work Mode' features encourage the agent to make autonomous decisions without user oversight, which, when combined with the persistent execution via the Heartbeat mechanism, creates a significant attack surface for prompt injection. While these capabilities are aligned with the stated purpose of complex task management, the instructions to disable security prompts and the broad file/shell access via scripts like 'scripts/notification-manager.sh' and 'scripts/select-execution-mode.sh' are inherently risky.
- External report
- View on VirusTotal