Back to skill
Skillv1.0.0
VirusTotal security
Crimson DevLog · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:27 AM
- Hash
- bc3a884684f2579e2fe9cabfa858afb82a8754fc1caf408c563edef9d7b85510
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: Developer: Version: Description: OpenClaw Agent Skill The skill is classified as suspicious due to the `setup.sh` script's actions. This script installs `pipx` and then `dev-log-cli` from PyPI, involving the download and execution of external code. While these actions are aligned with the stated purpose of setting up the journaling tool, they introduce a significant supply chain risk by fetching and executing unverified third-party packages from public repositories (PyPI) without specific version pinning or integrity checks. No explicit malicious intent like data exfiltration or prompt injection was found in `SKILL.md` or other files.
- External report
- View on VirusTotal