Back to skill
Skillv1.0.0
VirusTotal security
Antfarm Workflows · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:11 AM
- Hash
- 8b789c4b5997e710929c9dc40d2b3057ddd52f011c5e64deeefa3d983d4540d0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: antfarm-workflows Version: 1.0.0 The skill is classified as suspicious due to a significant potential for prompt injection and arbitrary command execution (RCE) via user-provided input. The `SKILL.md` instructs the agent to execute commands like `node ~/.openclaw/workspace/antfarm/dist/cli/cli.js workflow run <workflow-id> "<detailed task with acceptance criteria>"`. If the `<detailed task with acceptance criteria>` string, which is user-controlled, is not properly sanitized or escaped by the `cli.js` script or subsequent agent logic, it could lead to shell injection. Additionally, the skill manages persistent cron jobs and can start a local dashboard, granting broad system control capabilities that increase the attack surface.
- External report
- View on VirusTotal