Back to skill
Skillv1.0.1
VirusTotal security
CitrineOS Assistant · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:20 AM
- Hash
- fa84431e5ef1aa0bbce8d9ae796ef1ff2649101099daf3cbc28ebc609bcd9e38
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: citrineos-assistant Version: 1.0.1 The skill is designed to assist with the installation and management of CitrineOS, an open-source EV charging server. It explicitly requests access to `shell`, `http`, and `filesystem` tools, which are necessary for its stated purpose. All commands specified in `skill.md` are directed at official repositories (e.g., `git clone https://github.com/citrineos/citrineos-core`), local execution (`npm run`, `docker-compose`), or local health checks (`curl http://localhost:8080/health`). Crucially, the `skill.md` includes a 'Security note' that advises against piping remote scripts to the shell and emphasizes using package managers, demonstrating a clear intent to follow secure practices. There is no evidence of data exfiltration, persistence mechanisms, or prompt injection attempts from the skill itself against the agent. The skill's instructions are transparent and align with its described functionality.
- External report
- View on VirusTotal