Back to skill
Skillv1.0.0
VirusTotal security
Multi Agent Coordinator Zhuyu28 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:16 AM
- Hash
- 87e360ec775e4108dc9be5549fdd3abb6f117381afee2c38c5929f11e5205a6e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: multi-agent-coordinator-zhuyu28 Version: 1.0.0 The skill bundle contains a vulnerability in `scripts/coordinate_agents.py` related to insecure file handling. The script allows users to specify a `session_file` path which is used directly in `open()` calls for both reading and writing without any path sanitization or validation. This could be exploited to perform arbitrary file read or write operations (e.g., overwriting system configurations or sensitive files with JSON data) if the agent is manipulated into using a malicious path. While the logic is consistent with the stated goal of multi-agent coordination, the lack of input sanitization is a significant security flaw.
- External report
- View on VirusTotal