Back to skill
Skillv1.1.0
VirusTotal security
Soma · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:28 AM
- Hash
- 724eef4df2f1ef94ab4ad15fa9e75728b0cff02c806bd9c62a091ea16865619a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: soma Version: 1.1.0 The skill bundle facilitates participation in the 'SOMA' decentralized AI network, requiring the agent to install a CLI via a high-risk 'curl | bash' command (sup.soma.org) and manage several sensitive credentials including signing keys, HuggingFace tokens, and S3 access keys. While the documentation includes security best practices like using testnet keys and scoped permissions, the reliance on an unverified external installer combined with the collection of high-value secrets presents a significant risk of credential harvesting or supply chain compromise.
- External report
- View on VirusTotal