Back to skill
Skillv1.0.1
VirusTotal security
opensoulmd · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:05 AM
- Hash
- 0bc3c13c949662425422cb000020137ae89938ee8e73595fa5b844b0225650c0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: opensoulmd Version: 1.0.1 The skill is classified as suspicious due to its installation method defined in `SKILL.md`. It uses `curl -fsSL https://opensoul.md/install.sh | sh` to install the `soul` binary. This practice, while common for CLI tools, is a significant supply chain risk as it executes an arbitrary remote script without prior review, making the system vulnerable to compromise if the `opensoul.md` domain or the `install.sh` script is ever malicious or compromised. There is no direct evidence of intentional malicious behavior within the provided files, but this installation method presents a critical vulnerability.
- External report
- View on VirusTotal