Back to skill
Skillv0.1.1
VirusTotal security
Aiusd Skills · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:24 AM
- Hash
- e69109345a73dd7ce9514bf2f280380b36272300116c4a5985cdb6d9d0bd64a8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aiusd-skills Version: 0.1.1 The skill is classified as suspicious due to multiple factors. The `SKILL.md` file contains explicit prompt injection instructions aimed at controlling the AI agent's output and behavior, such as strictly forbidding certain phrases and dictating exact responses for re-authentication. It also instructs the agent to execute shell commands like `npm run reauth` under specific error conditions. Furthermore, both `aiusd-skill-installer.sh` and `aiusd-skill-installer.js` utilize `npm install`, which introduces a supply chain risk by downloading and executing arbitrary code from external dependencies. These installers also employ base64 encoding for the skill package, adding a layer of obfuscation, and use powerful commands like `tar -xzf` and `execSync` (in the JS version) to set up the environment. While the stated purpose of the skill involves high-risk financial operations (trading, withdrawals), the combination of agent manipulation and risky installation practices without clear malicious intent crosses the threshold into suspicious.
- External report
- View on VirusTotal