Back to skill
Skillv1.0.0
VirusTotal security
Google Jules Tools CLI · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:38 AM
- Hash
- a62c9165842dd3044f458799331bb35e24ca40808def55ebf952545e69e8d1d1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: google-jules-cli Version: 1.0.0 The skill requests `exec` permissions for `npm` in `SKILL.md`, which is a powerful command capable of arbitrary code execution. While the skill's instructions only direct the agent to install the specific `@google/jules` package, the broad `npm` permission and the explicit instruction to potentially use `sudo npm install -g` represent a significant vulnerability. This capability, though intended for a benign installation, could be exploited if the agent is compromised or if a malicious prompt is crafted, potentially leading to remote code execution with elevated privileges.
- External report
- View on VirusTotal