Back to skill
Skillv0.1.1
VirusTotal security
Agent Visio User · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 7:29 AM
- Hash
- 217746673a2e8c6db2179c0baca6fae07dca9605500c773ec75b65c6e484c668
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: diagforge-agent-visio-user Version: 0.1.1 The skill (SKILL.md) functions as a bootstrap loader that instructs the agent to clone an external GitHub repository (github.com/qweadzchn/DiagForge) and execute several Python scripts (e.g., prepare_smoke_test.py). While these actions are aligned with the stated purpose of project onboarding, the pattern of downloading and executing remote code is a high-risk capability (RCE) that relies on the integrity of the external source. The skill also requires a sensitive environment variable, VISIO_BRIDGE_TOKEN, which could be a target for exfiltration if the external repository or execution environment were compromised.
- External report
- View on VirusTotal