Back to skill
Skillv1.0.0
VirusTotal security
OpenViking Setup · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:40 AM
- Hash
- e9245f387d1d821cde428f38e5309671a233db60e57fe51c8af019dd13b669e5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openviking-setup Version: 1.0.0 The skill bundle automates the installation of 'OpenViking' using high-risk patterns, specifically 'curl | bash' in SKILL.md and scripts/setup.py to execute a remote script from GitHub (volcengine/OpenViking). The setup script also contains a shell injection vulnerability by using subprocess.run(shell=True) with user-provided inputs and handles sensitive API keys for multiple LLM providers. While these behaviors are consistent with a setup utility, the lack of input sanitization and the reliance on unverified remote execution are significant security risks.
- External report
- View on VirusTotal