Back to skill
Skillv1.0.0
VirusTotal security
Agents-Manager-and-IM · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:37 AM
- Hash
- 7a64b45e54983c704aa63e12e06affe73658132d2d6020a7b65ac8f4ab02d399
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-manager-v100 Version: 1.0.0 The skill bundle contains significant security vulnerabilities, primarily command injection risks in 'server.js' and 'server-gemini.js' where user-provided messages are passed to 'child_process.exec' with insufficient sanitization. Additionally, 'SKILL.md' provides instructions to extract sensitive operator tokens from '~/.openclaw/devices/paired.json', and the scripts perform broad file operations (including 'rm -rf') on the '~/.openclaw' directory. While these capabilities are aligned with the stated purpose of an agent management platform, the combination of high-risk execution patterns and the handling of sensitive credentials warrants a suspicious classification.
- External report
- View on VirusTotal