Back to skill
Skillv1.0.0
VirusTotal security
Agente Conhecimento · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:07 AM
- Hash
- 3772f88d87235105bc00b9e79502d77c0c421a36a3c3013c607331615d369944
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agente-conhecimento Version: 1.0.0 The skill is classified as suspicious due to its powerful self-modification capabilities and reliance on external scripts. Specifically, the `SKILL.md` instructs the agent to execute local scripts like `extract-skill.sh`, which can create new skills (new `SKILL.md` files) that are then executed by the agent. This presents a significant prompt injection vulnerability, as a compromised agent could be instructed to generate malicious skills. Additionally, the mention of OpenClaw's inter-session communication tools (`sessions_send`, `sessions_spawn`) introduces potential for abuse if not properly sandboxed, allowing data exfiltration or unauthorized sub-agent spawning.
- External report
- View on VirusTotal