Back to skill
Skillv0.1.0
VirusTotal security
Agent Reach · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:20 AM
- Hash
- 8b81ba0e55ec3c10a61fb63e5a0ce481ccb65bab98b92eec6db05e8d8bafefeb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: skill-11 Version: 0.1.0 The skill bundle provides extensive web-scraping and social media interaction capabilities but introduces significant risk by instructing the agent to fetch and follow setup instructions from an external GitHub URL (raw.githubusercontent.com/Panniantong/agent-reach/main/docs/install.md), which constitutes a remote instruction injection vector. It also handles sensitive session cookies for multiple platforms and utilizes several custom, undocumented CLI tools (mcporter, xreach, miku_ai). The instruction to store persistent data in ~/.agent-reach/ while explicitly avoiding the standard agent workspace is a notable behavior for maintaining a footprint outside of immediate user oversight.
- External report
- View on VirusTotal