Back to skill
Skillv1.0.0
VirusTotal security
Agent Synthesizer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:23 AM
- Hash
- 6025e973006b5c91bcd9d7a8a470cfbfcb5570f8684ef40677901c8d8f896599
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-synthesizer Version: 1.0.0 The skill bundle is suspicious due to its reliance on an external, dynamic source for execution instructions. The `SKILL.md` explicitly instructs the OpenClaw agent to 'Follow the README exactly as written' and 'run the README’s validation/test commands' from `https://github.com/rylena/agent-synth`. This creates a significant supply chain vulnerability, as the content of the external `README.md` can be altered at any time, potentially leading to the execution of arbitrary malicious commands by the agent without direct control or review within the skill bundle itself. This constitutes an indirect prompt injection risk, where the agent is instructed to prioritize and execute instructions from an untrusted external source.
- External report
- View on VirusTotal