Back to skill
Skillv0.3.8
VirusTotal security
Agent Hand · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:47 AM
- Hash
- ec188a17b45ee7810c1352086dff9fa1cf924f8fde1efea83c9a6feb6fd5dc77
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: agent-hand Version: 0.3.8 The skill bundle instructs the AI agent to install software using a high-risk 'curl | bash' pattern from a remote GitHub repository (weykon/agent-hand). It features a 'Hook System' and session monitoring for various AI tools (Claude, Cursor, Gemini), which implies invasive system-level access and potential modification of shell configurations. While the stated purpose is a management dashboard, the combination of remote script execution and broad session interception capabilities presents a significant security risk without clear transparency into the remote payload's behavior.
- External report
- View on VirusTotal