Back to skill
Skillv1.0.0
VirusTotal security
Kubera · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:35 AM
- Hash
- 3f1b9d8dc01367d49119863b66606bec009aa9a4b1812cec156bc0731b55297c
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: kubera-skill Version: 1.0.0 The skill bundle is a legitimate client for the Kubera API, designed to read and manage portfolio data. It uses standard and secure practices for API interaction, including HMAC-SHA256 authentication and retrieving credentials from environment variables. The `scripts/kubera.py` file makes network requests only to `https://api.kubera.com` and includes a `--confirm` flag for write operations, which is a good safety measure. There is no evidence of data exfiltration to unauthorized endpoints, malicious execution, persistence mechanisms, obfuscation, or prompt injection attempts against the AI agent in `SKILL.md`.
- External report
- View on VirusTotal