Back to skill
Skillv2.0.3
VirusTotal security
Strands Agents SDK · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:25 AM
- Hash
- 73d4d29df35cf04df07a9f976e8a08f7ea824297d64d14f405e607387dda2943
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: strands Version: 2.0.3 This skill bundle is classified as suspicious due to the inherent high-risk capabilities it provides for AI agents. The `SKILL.md` and `references/cheatsheet.md` openly advertise built-in tools such as `shell`, `http_request`, `file_read`, `file_write`, `python_repl`, and `environment`. Furthermore, the `scripts/create-agent.py` script generates agents that include `run_command` (executing `subprocess.run(command, shell=True)`), `read_file`, and `write_file` tools. While these capabilities are transparently presented as features of an AI agent SDK, they grant extensive access to the host system (file system, shell, network, environment variables), which could be leveraged for data exfiltration, persistence, or arbitrary code execution if the agent or its user has malicious intent. There is no clear evidence of intentional malicious behavior within the skill bundle itself, such as hidden exfiltration targets or obfuscated payloads, but the broad permissions and execution capabilities warrant a 'suspicious' classification.
- External report
- View on VirusTotal