Back to skill
Skillv1.0.0
VirusTotal security
Camoufox Tools · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:59 AM
- Hash
- 516ad4385293d6cc242832e039b517af434f4df52d00ec53c26e806d330494e9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: camoufox-tools Version: 1.0.0 The skill is classified as suspicious due to the `install.sh` script modifying the user's shell configuration (`.bashrc`, `.zshrc`, or `.profile`) to add its `bin` directory to the PATH, and the `SKILL.md` documentation describing a `fox-eval` command that allows executing arbitrary JavaScript within the browser context. While these capabilities (modifying PATH for CLI tools, and executing JS for browser automation) are aligned with the stated purpose, `fox-eval` represents a significant security risk if untrusted input is passed to it, potentially enabling XSS-like attacks or unauthorized data extraction. There is no clear evidence of intentional malicious behavior such as data exfiltration or backdoor installation within the provided files, but the powerful capabilities without explicit safeguards warrant a 'suspicious' classification.
- External report
- View on VirusTotal