Back to skill
Skillv2.0.1
VirusTotal security
ZipCracker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:48 AM
- Hash
- d59abe4045c60b96065de9d1c252758630c1835d7d4978ca86e78ce37ec92d66
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: zipcracker Version: 2.0.1 The zipcracker skill bundle provides advanced ZIP recovery and cracking capabilities, including dictionary, mask, and known-plaintext attacks (KPA). It is classified as suspicious primarily due to high-risk automated environment setup routines in 'scripts/zipcracker_core.py'. Specifically, the script contains logic to automatically download and execute binaries from GitHub (kimci86/bkcrack) and can generate and execute shell commands to install system-level dependencies using 'sudo' (e.g., 'apt install', 'dnf install'). While these features are intended for legitimate dependency management in CTF contexts and are gated by user prompts, the ability to fetch remote payloads and execute privileged shell commands represents a significant security risk and potential for abuse.
- External report
- View on VirusTotal