VirusTotal can't detect agent-specific malware
6,487 malicious agent tools are undetectable by VirusTotal and traditional malware scanners. These tools don’t trigger signature-based detection because they don’t look like traditional malware. They look like normal agent skills — because that’s what they are, with a few extra lines that exfiltrate data or establish persistence. Why this matters The security industry has spent 30 years building increasingly sophisticated malware detection. Signature databases, behavioral heuristics, sandbox detonation, ML classifiers — all tuned for executables, scripts, and documents that do obviously malicious things. Agent-specific malware doesn’t fit this model. A malicious OpenClaw skill is a valid Python file that performs a legitimate function AND quietly sends your API keys to an external server. There’s no shellcode, no packing, no obfuscation. VirusTotal has nothing to flag. ...