Skill v1.0.4
VirusTotal security
Agent Dashboard · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:02 AM
- Hash: 503496f7e1b0b8f4bdeac781c61b7ccea3bbaf395e5963b20a6cbf5ac1a63752
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: agent-dashboard. Version: 1.0.4. The skill is classified as suspicious due to the inherent risks associated with granting the OpenClaw agent `exec` permissions for `git` and `curl` (as detailed in SKILL.md). While the skill explicitly instructs the agent not to read local files or exfiltrate sensitive data, and the `assets/push-dashboard.sh` script is designed to push only operational status to user-configured endpoints, the `exec` capability itself represents a significant prompt-injection attack surface. A sophisticated attacker could potentially craft a prompt to override the skill's safeguards and leverage these permissions for unauthorized actions like reading sensitive local files (e.g., `~/.ssh/id_rsa`) and exfiltrating them via `curl` to an arbitrary external endpoint. This represents a vulnerability rather than clear malicious intent within the skill's design.
- External report: View on VirusTotal
