Skill v1.0.3
VirusTotal security
Agent Builder Plus · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 28, 2026, 4:39 AM
- Hash: fe4d35e2de8e55303b40688d4262b4e73b8503fbe10081e9e31bf821f2f6ac80
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill. Name: agent-builder-plus. Version: 1.0.3. The skill bundle is designed to build and manage OpenClaw agents, including system-level deployment. While the `SKILL.md` and `references/templates.md` files contain extensive safety features and explicit warnings against malicious actions (e.g., data exfiltration, channel hijacking, credential reuse), the agent is instructed to execute arbitrary shell commands, including those with `sudo` privileges and writes to system directories (e.g., `/etc/systemd/system/openclaw-agent.service`). This capability, though intended for legitimate system administration tasks like installing a systemd service, represents a significant prompt injection vulnerability, as a compromised agent could be instructed to execute arbitrary commands on the host system.
