Back to skill
Skillv1.0.0
VirusTotal security
NVIDIA NIM Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:30 AM
- Hash
- f3c3db8602a76c7f730d46a9ae24d09fbb99d3a172145d196b6a6fd8cabfdf1a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-nim-skill Version: 1.0.0 The skill is classified as suspicious due to a critical SSL/TLS vulnerability in `scripts/nim_call.py`. The script explicitly disables SSL certificate verification (`ctx.check_hostname = False; ctx.verify_mode = ssl.CERT_NONE`) when making API calls to `https://integrate.api.nvidia.com`. This flaw makes the skill vulnerable to Man-in-the-Middle (MITM) attacks, potentially allowing an attacker to intercept communications, steal the `NVIDIA_API_KEY`, or inject malicious responses. While the overall intent of the skill appears benign and aligned with its stated purpose, this severe security vulnerability warrants a 'suspicious' classification.
- External report
- View on VirusTotal