Back to skill
Skillv1.0.0
VirusTotal security
Solidity LSP · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:35 AM
- Hash
- ae80da12711b5ff07a0c75fbb82d1dca4c1bee74bc8654d2837887c8e8964895
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: solidity-lsp Version: 1.0.0 The skill bundle is classified as suspicious due to the use of `curl -L ... | bash` for installing Foundry in `references/frameworks.md`. While this method is common for installing developer tools and the URL points to the official Foundry domain, it represents a high-risk capability as it executes arbitrary code directly from the internet, which could be exploited if the remote server were compromised. There is no clear evidence of intentional malicious behavior like data exfiltration or prompt injection against the agent, but the installation method itself introduces a significant supply chain risk.
- External report
- View on VirusTotal