Back to skill
Skillv1.0.0
VirusTotal security
automation browser · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:14 AM
- Hash
- 0317475a890e04d4c52d6060623dfb5d7c74a266c0fcb0fab02658160a5f8f90
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: automation-browser Version: 1.0.0 The skill bundle performs high-risk system-level operations, including downloading and installing Debian/RPM packages and Python wheels from a remote Tencent domain (qq.com) using root privileges. It also starts a background network service (x5use-linux-mcp) on port 18009 to facilitate browser control. While these actions are consistent with the stated goal of browser automation via the X5 kernel, the execution of remote binaries and the requirement for system-wide installation (install_dep.sh, setup.sh) pose significant security risks without further verification of the external artifacts.
- External report
- View on VirusTotal