Skill v0.82.3

VirusTotal security

agent-bom scan · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 5:59 AM
Hash
204f7ff67d8fde994e4d58d9b482079d13e561f91532ab33df5fc05259d7435e
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: agent-bom-scan
Version: 0.82.3

The skill requests extensive read access to sensitive configuration files for dozens of AI agents and IDEs (e.g., Claude, Cursor, Windsurf, Snowflake, JetBrains) in SKILL.md. While the stated purpose is to scan these environments for vulnerabilities and the documentation claims to redact credentials locally before processing, the broad access to files known to contain API keys and connection strings represents a high-risk capability. Without the underlying Python source code to verify the redaction logic, the tool's behavior mirrors that of a credential harvester, even though the listed network endpoints (OSV, NVD, GitHub) are legitimate.