Back to skill
Skillv1.0.0
VirusTotal security
Generic Quality Gateways for Unattended Agent Development · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:28 AM
- Hash
- a8fc4f72d20ce710b99981b4e9cb71aef0a2b3f4f36809a8787021515c2dda18
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: tcc-quality-gates Version: 1.0.0 The skill instructs the AI agent to collect metrics, explicitly mentioning the use of "local commands (if allowed by runtime)" in SKILL.md. While this capability is necessary for a quality gate skill that needs to run analysis tools, it represents a significant security risk (potential RCE vulnerability) if the agent's execution environment is not adequately sandboxed or if the agent can be prompted to execute arbitrary commands from untrusted inputs. The skill itself does not contain instructions for malicious actions like data exfiltration or persistence, but it exposes a powerful primitive that could be exploited.
- External report
- View on VirusTotal