Back to skill
Skillv1.0.0
VirusTotal security
UI-Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 26, 2026, 4:26 AM
- Hash
- 3362bbe9d5eec50ab675f981d290f27696cf7ec514cdb39f7ea5c75af4c68b21
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ui-agent Version: 1.0.0 The bundle provides a comprehensive suite for browser and desktop automation using the Chrome DevTools Protocol (CDP) and X11 utilities like xdotool and wmctrl. It includes high-risk capabilities such as executing shell commands via subprocess and os.system (src/cdp_typer.py, src/desktop_helpers.py), bypassing browser security features (e.g., --no-sandbox and suppress_origin=True), and programmatically extracting and restoring browser cookies for session persistence (tests/test_sp1_official.py). While these features are aligned with the stated goal of a universal UI automation framework, the broad system access and potential for abuse—such as session hijacking or unauthorized remote control—meet the threshold for a suspicious classification despite the lack of clear evidence of malicious intent.
- External report
- View on VirusTotal