Back to skill
Skillv2.1.2
VirusTotal security
Review Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 25, 2026, 1:06 AM
- Hash
- ab65b866d82fe52a20c674739034cde0b5e478929ae51af6a5c914a9c123664c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: review-agent Version: 2.1.2 The skill bundle implements a complex 'Review Agent' with significant system-level interactions. While the logic appears aligned with its stated purpose, it exhibits high-risk behaviors including the use of subprocesses to execute external binaries (pdftotext, tesseract, whisper) on user-provided files in 'ingest.py', and it requires an invasive 'source patch' to the OpenClaw core platform (modifying node_modules) as described in 'POST_INSTALL.md'. Additionally, it handles sensitive API keys across multiple legacy and current configuration paths and performs automated network requests to GitHub and OpenRouter. These capabilities, particularly the platform patching, represent a significant security risk and high attack surface, though no clear evidence of intentional malice was found.
- External report
- View on VirusTotal