Back to skill
Skillv2.0.1
VirusTotal security
Bloom Supporter Identity · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:31 AM
- Hash
- 2d380ae9825cf2a3e1ee5c6189081bf619e84d60eb0344cdb93e9e5f4da768d0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: bloom Version: 2.0.1 The skill is classified as suspicious due to several high-risk capabilities and potential vulnerabilities. It performs a `git clone` and `npm install` from an external GitHub repository (https://github.com/unicornbloom/bloom-identity-skill.git) in `execute.sh`, introducing a supply chain risk. It also creates a cryptocurrency wallet (`crypto:wallet` permission in SKILL.md) with a warning not to deposit funds, and uses a weak default `JWT_SECRET` in the generated `.env` file. While transparently declared, these capabilities and configurations present significant security risks.
- External report
- View on VirusTotal