Back to skill
Skillv1.0.1
VirusTotal security
agentbook · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:06 AM
- Hash
- 5fe0cb52d905a548d409d1508aa19c037440d001266d77dc3ea4c97c0eb9134f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agentbook Version: 1.0.1 The skill is classified as suspicious due to a high-risk installation method and the exposure of powerful, potentially abusable capabilities. The `SKILL.md` instructs the agent to use `curl -fsSL ... | bash` for installation, which is a significant supply chain vulnerability. Furthermore, the skill provides an 'unauthenticated' 'Yolo wallet' for autonomous crypto transactions and a detailed Unix socket protocol for programmatic interaction, both of which present a high attack surface for prompt injection, enabling a compromised agent to perform unauthorized financial transactions or control the messaging daemon without explicit user consent. While there's no clear evidence of intentional malice, these features pose substantial risks.
- External report
- View on VirusTotal