Claude Sonnet 4 Lite Agent
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: claude-sonnet-4-lite-agent Version: 0.1.0 The `SKILL.md` file grants the agent broad `python_code_execution` capabilities for generating webpages and 'other attachments'. While the current instructions do not explicitly direct malicious actions, this powerful capability represents a significant vulnerability. An attacker could exploit this by crafting a malicious prompt to the agent, leading to arbitrary code execution, file system access, or network calls, thereby enabling data exfiltration or other harmful activities.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used for attachment generation, the agent may run code to create output files.
The skill instructs the agent to use a code-execution tool to create files. This is disclosed and aligned with the content-generation purpose, but users should know code execution may be involved when requesting webpages or attachments.
**Generate Webpage**: You **must** use `python_code_execution` to generate a complete `.html` file as an attachment. ... **Generate Other Attachments**: Use `python_code_execution`.
Use it for intended content-generation tasks and review generated attachments before sharing or relying on them.