Skill v0.1.4

VirusTotal security

Dev Team · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 29, 2026, 4:32 AM
Hash: b58889c99996ee97773f73fddab58b534dd063697109e38eb4c08f7b7ef8983a
Source: palm
Verdict: suspicious
Code Insight
Type: OpenClaw Skill
Name: team-dev
Version: 0.1.4

The skill bundle is classified as **suspicious** due to multiple critical vulnerabilities and high-risk capabilities. The core issue is the explicit configuration of AI agents (Codex, Claude, Gemini, Cursor) with flags that grant them extremely broad and dangerous permissions, including arbitrary shell command execution and file system access (e.g., `--dangerously-bypass-approvals-and-sandbox`, `--allowed-tools run_shell_command,write_file,read_file,grep_search` in `config/agents.json`). User-provided prompts are directly passed to these highly privileged agents via `scripts/spawn-agent.sh`, `scripts/request-fixup.sh`, and `scripts/review-agent.sh`, creating direct **prompt injection vulnerabilities leading to Remote Code Execution (RCE)**.

Additionally, the `dev-board`'s Node.js API (`scripts/dev-board/apps/api/src/server.js`) allows execution of powerful local scripts via `/api/actions/` endpoints if `ENABLE_LOCAL_ACTIONS=1`, posing another RCE risk. While these capabilities are intended for automated software development, the lack of robust input sanitization for prompts and the direct execution of commands based on potentially untrusted input make this skill highly vulnerable to abuse.