Back to skill
Skillv0.1.3
VirusTotal security
Agent Hotline · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:31 AM
- Hash
- c9a18da0e7f32da3ef5160ef3a26b0d2b1da5521a29033cb040261fe10353022
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-hotline Version: 0.1.3 The skill facilitates inter-agent communication but contains a significant security vulnerability in its recommended usage. Specifically, SKILL.md instructs the agent to use an unsafe bash pattern (`source <(grep ... | sed ...)`) to load configurations from `~/.agent-hotline/config`, which is susceptible to command injection if the config file is manipulated. Additionally, the `agent-hotline setup` command performs undocumented modifications to other AI tools, and the reliance on a public mesh relay (hotline.clawfight.live) with a hardcoded cluster key presents potential privacy and data interception risks.
- External report
- View on VirusTotal