Back to skill
Skillv1.0.0
VirusTotal security
Agent Emacs · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:36 AM
- Hash
- a9df424ce3704a52ef81587c9c651524505694d4300cf8d3f24b4d070923b3b9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-emacs Version: 1.0.0 This skill is classified as suspicious due to its high-risk capabilities, which, while presented as intended functionality, could be exploited. The `scripts/bootstrap.sh` creates a persistent Emacs daemon and modifies the user's Emacs configuration. More critically, the `SKILL.md` and `references/usage.md` explicitly instruct the AI agent on how to establish arbitrary remote SSH connections via TRAMP and, crucially, how to execute arbitrary shell commands on those remote nodes using `(shell-command "...")`. This grants the agent remote code execution capabilities, which, combined with local file system write access (e.g., to `MEMORY.md` as instructed in `references/agent-workflows.md`), presents a significant attack surface if the agent's instructions are compromised.
- External report
- View on VirusTotal