Back to skill
Skillv0.1.9
VirusTotal security
Uimap · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:31 AM
- Hash
- 400679a00e24307e6a21da8a4c93a636d9419ea027ecfa6b20cde1b871da4abb
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: uimap Version: 0.1.9 The skill bundle documentation in SKILL.md promotes a high-risk installation method using 'curl | bash' from a non-standard domain (s.dwimg.top), which is a common vector for executing unverified remote payloads. While the tool's stated purpose of UI mapping is plausible, the combination of remote script execution and interactive OAuth login (uimap login) warrants caution as it could be used to compromise the agent's environment or capture credentials.
- External report
- View on VirusTotal