Back to skill
Skillv1.0.0
VirusTotal security
apix · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:06 AM
- Hash
- bfa8574dd92dbfcbddde3044c0fa7201f52bdbf4977eb9f86f2458cae07db9bc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: apix Version: 1.0.0 The skill bundle describes a CLI tool for API exploration but includes high-risk installation instructions in SKILL.md that direct the agent to execute a remote script via 'curl | sh' from apix.sh. This pattern is a significant security risk as it facilitates unverified remote code execution (RCE) and introduces a supply-chain vulnerability. While the tool's ability to make arbitrary HTTP calls (apix call) is aligned with its stated purpose, the combination of automated installation and broad network access warrants a suspicious classification.
- External report
- View on VirusTotal