Back to skill
Skillv1.0.0
VirusTotal security
Aionis · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:05 AM
- Hash
- 6a28a074254f6b83c56a108597fb8e2f31c759064b4d00f9996c239b61dee9ef
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aionis Version: 1.0.0 The skill is classified as suspicious due to the explicit instruction in `SKILL.md` for the AI agent to execute a local shell script (`bash ./bootstrap-local-standalone.sh`). This script, `bootstrap-local-standalone.sh`, performs high-risk operations including pulling and running Docker containers (`ghcr.io/cognary/aionis:standalone-v0.2.5`), generating API keys using `openssl`, and writing configuration files to the local filesystem. While these actions are intended to set up a local dependency for the skill, granting an AI agent the capability for arbitrary shell command execution and Docker operations represents a significant remote code execution (RCE) risk and a powerful attack surface if the script or its dependencies were compromised. There is no clear evidence of intentional malicious behavior like data exfiltration or backdoor installation within the provided files, but the broad permissions and risky capabilities warrant a 'suspicious' classification.
- External report
- View on VirusTotal