Back to skill
Skillv1.0.0
VirusTotal security
Niri IPC · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:14 AM
- Hash
- bcfa6bf41fdc0ad397b3bf3467cd798911fd70d590066ed00add7c0de2ab28a9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: niri-ipc Version: 1.0.0 The skill provides direct and low-level access to the Niri Wayland compositor's IPC, including the ability to execute arbitrary shell commands via the `spawn-sh` action, as demonstrated in `SKILL.md` and implemented through `scripts/niri.py`. Furthermore, `scripts/niri_socket.py` allows raw interaction with the IPC socket, enabling any Niri IPC command to be sent, which could include destructive actions. While these capabilities are inherent to the Niri IPC and align with the skill's stated purpose, they represent significant high-risk behaviors without clear evidence of intentional malicious use within the skill bundle itself.
- External report
- View on VirusTotal