Back to skill
Skillv0.6.0
VirusTotal security
ical · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:54 AM
- Hash
- 8ca65369d45b407049995bd3b1cffedb4e9383285f6daaad3175e9dc388da177
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ical-cli Version: 0.6.0 The skill is classified as suspicious due to the `ical skills install` command documented in `SKILL.md` and `references/commands.md`. This command allows the `ical` binary to install skill definitions into the local skill directories of other AI agents (e.g., `~/.claude/skills/ical-cli/`, `~/.agents/skills/ical-cli/`). While presented as an interoperability feature, this capability represents a significant trust boundary crossing, enabling one tool to modify the operational environment of other agents. This is a powerful and potentially risky action that could be abused if the `ical` binary itself were compromised, even though the documentation does not show explicit malicious intent.
- External report
- View on VirusTotal