Back to skill
Skillv1.0.0
VirusTotal security
Agent Reach Setup · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:24 AM
- Hash
- fdae677c3949d44473f5014ae33b3f9cdf8c8cc8a28dc914a5a7cab3a0d5b68f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-reach-setup Version: 1.0.0 The skill bundle automates the installation of 'Agent Reach' by downloading a ZIP archive from a personal GitHub repository (Panniantong/agent-reach) and installing it with the '--break-system-packages' flag in install.sh, which bypasses standard Python environment protections. While the stated purpose is to enable web and social media access for AI agents, the use of high-risk installation methods and the broad range of external service integrations (including WeChat, Twitter, and local MCP servers) represent a significant security risk. Additionally, usage-examples.md contains Python code patterns that are vulnerable to argument injection when handling user-provided queries.
- External report
- View on VirusTotal