Back to skill
Skillv1.0.0
VirusTotal security
Camoufox Deploy · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:59 AM
- Hash
- b75886b0115824c25dee1883e9bfcba0a1169234e7925acd2b3eef53021a490e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: camoufox-deploy Version: 1.0.0 The skill is classified as suspicious due to its reliance on multiple high-risk installation methods that introduce significant supply chain vulnerabilities and potential for Remote Code Execution (RCE). The `scripts/install.sh` file uses `curl -LsSf <URL> | sh` to install `uv` and `rustup` from `astral.sh` and `sh.rustup.rs` respectively. It also performs `git clone` from GitHub and `npm install -g` for `agent-browser`, all of which download and execute code from external sources without explicit integrity checks. While these actions are intended to achieve the stated goal of deploying and patching the `camoufox` browser and `agent-browser` tool, they expose the system to compromise if any of the upstream sources or their delivery mechanisms were to be compromised. There is no evidence of intentional malicious behavior, but the methods used are inherently risky.
- External report
- View on VirusTotal