Back to skill
Skillv1.0.0
VirusTotal security
NEAR Protocol CLI installation and setup guide. · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:01 AM
- Hash
- 353a1f5e8a061faf31ca96f54b0e2735b7d9b8688cc603ffee22ee72f3a908f8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: near-cli-tools Version: 1.0.0 The skill is designed to install and configure the NEAR Protocol CLI, which involves executing commands that interact with the blockchain. It uses the `curl | sh` pattern for installation (e.g., `curl ... | sh` in SKILL.md and README.md), which is an inherent Remote Code Execution (RCE) vulnerability risk, as it executes arbitrary code downloaded from a remote server. While this is a common installation method for many legitimate tools, it represents a significant security flaw if the remote script or its source (GitHub) were compromised. Additionally, the `README.md` lists `near account export-account` as a common command, which could expose sensitive credentials if an agent were prompted to execute it, although the skill does not explicitly instruct the agent to misuse this command. These elements, while not indicative of intentional malice by the skill author, introduce significant security risks for an AI agent and the system it operates on.
- External report
- View on VirusTotal