Back to skill
Skillv0.1.5
VirusTotal security
Releaseguard · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:49 AM
- Hash
- 1dec070430bf354e892fff49405e19fec1d4f4b684c862958de47681b4021351
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: releaseguard Version: 0.1.5 The skill bundle describes a security tool for artifact hardening, but it includes high-risk installation instructions in SKILL.md that use the 'curl | sh' pattern, which is a common vector for remote code execution. While the documentation advises reviewing the script first, an autonomous agent might execute the command directly. Additionally, the _meta.json file contains an anomalous future-dated timestamp (1774412381985, corresponding to May 2026). Although no explicit malicious intent or data exfiltration was identified, these factors represent significant security risks in an agentic context.
- External report
- View on VirusTotal