Back to skill
Skillv1.0.0
VirusTotal security
Copilot Cli Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:36 AM
- Hash
- c14da00aee3aff3e3e32e5afcab116e1959e3aff099717580926f0c2065c982c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: copilot-cli-skill Version: 1.0.0 The skill provides a wrapper for the GitHub Copilot CLI, enabling an AI agent to perform complex coding and system tasks. It is classified as suspicious because the instructions in `SKILL.md` and `references/copilot-usage-recipes.md` explicitly encourage the use of high-risk execution flags like `--allow-all-tools`, which grants the underlying Copilot agent broad authority to execute shell commands and modify the filesystem. While these capabilities are necessary for the stated purpose, the lack of enforced safety boundaries and the promotion of full autonomy represent a significant security risk if the agent is targeted by prompt injection.
- External report
- View on VirusTotal