Back to skill
Skillv1.2.0
VirusTotal security
AGI Farm · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:44 AM
- Hash
- 9572d49f342ad4f48db9208d4f33ae7f07cee13f509922d863483eddc0daf27f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agi-farm Version: 1.2.0 The OpenClaw AgentSkills bundle is classified as suspicious due to its use of high-risk capabilities and a notable supply chain vulnerability, despite aligning with its stated purpose of setting up a multi-agent AI team. Key indicators include the explicit installation of a persistent macOS LaunchAgent for the dashboard and cron jobs for the auto-dispatcher (SKILL.md, dashboard.py, scripts/register-crons.py), which are powerful persistence mechanisms. Furthermore, Step 11 in SKILL.md involves `git clone` from an external GitHub repository (`https://github.com/oabdelmaksoud/openclaw-skills.git`) directly into the OpenClaw skills directory, posing a significant supply chain risk if that repository were compromised. While these actions are transparently declared and serve the skill's functionality, they represent capabilities that could be exploited, and the external code fetching introduces an unverified dependency.
- External report
- View on VirusTotal