Back to skill
Skillv1.0.0
VirusTotal security
Pub Sonoscli · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:53 AM
- Hash
- 37f45b34ae76876ed9dfdf826b5354aa8892a51c44f928954de8e08ae32040ea
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: sonosclis Version: 1.0.0 The skill bundle exhibits deceptive naming and a significant discrepancy between its stated purpose and its actual content. While named 'sonoscli' and claiming to control Sonos speakers, the files contain no Sonos-related logic and instead serve as a comprehensive instruction set for a third-party AI aggregator API (api.heybossai.com). It encourages the agent to perform high-risk actions such as sending emails, SMS, and web scraping, and references a missing execution script 'run.mjs' in several markdown files (audio-models.md, chat-models.md, etc.).
- External report
- View on VirusTotal