Skill v1.1.1
VirusTotal security
ClawBridge · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review Apr 30, 2026, 4:29 AM
- Hash: ecfc2a1438ad814728638a990817ba6b0351f596a4705fc9c81da7fade42f01b
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: clawbridge; Version: 1.1.1. The skill is classified as suspicious primarily due to its installation method, which involves piping a remote shell script directly to `bash` (`curl -sL https://raw.githubusercontent.com/dreamwing/clawbridge/master/install.sh | bash`) as specified in SKILL.md. This practice introduces a significant supply chain vulnerability, allowing arbitrary code execution from an external source at install time without prior inspection. Additionally, the skill downloads and executes another external binary (`cloudflared` from github.com/cloudflare/cloudflared) and establishes persistence via a user-level systemd service, both of which are high-risk capabilities, even if declared for legitimate purposes.
