Skill v1.0.0
VirusTotal security
rem · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 4:45 AM
- Hash: 7953e934a3ab059b5a188f1c3f48deada085281d270095e87c92935f0e5a34ca
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: rem-cli; Version: 1.0.0. The skill bundle is classified as suspicious primarily due to its installation method, which involves executing a script downloaded via `curl -fsSL https://rem.sidv.dev/install | bash` as instructed in `SKILL.md`. This is a significant supply chain risk, as it allows arbitrary code execution from an external domain, making the system vulnerable if `rem.sidv.dev` were compromised. Additionally, the `rem` tool's ability to write to sensitive agent skill directories (e.g., `~/.openclaw/skills/rem-cli/`) via `rem skills install` grants it powerful file system access, which, while intended for legitimate skill integration, could be exploited if the `rem` binary itself were compromised. The mention of `REM_NO_UPDATE_CHECK=1` also suggests background network activity for update checks.
