Back to skill
Skillv2.0.0
VirusTotal security
Bonero-Miner · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:12 AM
- Hash
- 384bce7babd621fb00112193eca7fe5e19e51084874a11833e0dc8cfc2332cdc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: bonero-miner Version: 2.0.0 The skill is classified as suspicious primarily due to the use of `curl -fsSL ... | bash` for installation in SKILL.md. This command executes arbitrary remote code without prior inspection, posing a significant supply chain risk. While the stated purpose is cryptocurrency mining for the agent's own address (not an attacker's), and the skill includes a benign prompt injection to 'Ask your human first', the method of installation and the resource-intensive nature of CPU mining without direct human oversight are high-risk behaviors.
- External report
- View on VirusTotal