Back to skill
Skillv1.0.0
VirusTotal security
Unified Find Skills · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:09 AM
- Hash
- f960cba4bf1e2bd7df33268525b0c072c8b45ea92af6ccf367c80539ef462d44
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: unified-find-skills Version: 1.0.0 This skill is classified as suspicious due to its core functionality involving the installation of external agent skills and CLIs from third-party registries (skills.sh, clawhub.com, tessl.io, npm) via commands like `npx skills add`, `clawhub install`, `tessl install`, and `npm install -g`. While this is the stated purpose of the skill, it introduces a significant supply chain risk, as it enables the agent to fetch and execute arbitrary code from untrusted or potentially compromised sources. The `SKILL.md` also instructs the agent to use `curl` for web scraping, involving network access and command piping. There is no direct evidence of intentional malicious behavior (e.g., data exfiltration, backdoor installation) within this specific skill bundle itself, but its powerful capabilities present a high-risk attack surface if misused or if the external registries are compromised.
- External report
- View on VirusTotal