Back to skill
Skillv1.0.0
VirusTotal security
agentar · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:47 AM
- Hash
- 7f10ae7f8d1edd53cb08ecdb2dedf30b79badf8a691da22093e5b9f31d1986b6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agentar Version: 1.0.0 The agentar skill provides powerful administrative capabilities for exporting, importing, and backing up OpenClaw agent instances, which involves high-risk behaviors such as broad file system access to ~/.openclaw, modification of core configuration files, and remote file downloading via curl (SKILL.md). While the instructions include safety measures like automated backups and dry-runs, the skill's ability to overwrite the agent's identity and soul files, combined with the execution of local scripts (clawctl.mjs) using potentially unsanitized inputs, creates a significant attack surface. No clear evidence of malicious intent was found, but the capabilities are inherently risky and go beyond simple task execution.
- External report
- View on VirusTotal