Back to skill
Skillv2.2.1
VirusTotal security
Huo15 Openclaw Multi Agent · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 24, 2026, 4:16 AM
- Hash
- 9ffeba7495ca37fee62294005da731bbddff2ec7b7d1d29a9d6ea0097802ce90
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: huo15-openclaw-multi-agent Version: 2.2.1 The skill bundle provides a framework for multi-agent coordination but contains multiple command and code injection vulnerabilities. Specifically, scripts like `coordinator.sh` and `team.sh` pass unsanitized shell variables directly into Python one-liners (e.g., using heredocs to execute Python code that embeds `$task_id` or `$result`), which allows for arbitrary Python code execution if the inputs are maliciously crafted. While the overall intent appears to be functional task management within the OpenClaw environment, the lack of input sanitization in these scripts poses a significant security risk.
- External report
- View on VirusTotal