Back to skill
Skillv1.0.0
VirusTotal security
ai-workflow-engine · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 18, 2026, 8:16 PM
- Hash
- 900edd9f53f0f9ea90db33f244c03f4b3085c5d3bb43844d97c77fb0612a6e97
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-workflow-engine Version: 1.0.0 The skill bundle contains hardcoded absolute file paths targeting a specific user's directory (C:\Users\qiuwe\...) in ai_workflow.py to import dependencies, which is a significant security risk and indicates environment-specific targeting or poor development practices. While the bundle's stated purpose is an 'AI Workflow Engine,' it includes a broad range of high-risk capabilities such as network requests (NetworkSteps.fetch_url), database operations (DatabaseSteps), and template-based code generation (NLCodeGenerator). Although no explicit evidence of intentional data exfiltration or backdoors was found, the combination of environment-specific hardcoding and extensive system-level access warrants a suspicious classification.
- External report
- View on VirusTotal