Back to skill
Skillv1.0.0
VirusTotal security
Browser Automation · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:28 AM
- Hash
- 34049cb4cebdcd9c62904378c538dbac4fa0d44b46cf60521a9fbfceb05b29c0
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: browser-automation-pin Version: 1.0.0 The skill bundle for 'PinchTab' provides browser automation capabilities for AI agents, including tools for navigation, interaction, and data extraction. It is classified as suspicious due to high-risk instructions in `skill.md`, specifically the recommendation to install the software via a pipe-to-shell command (`curl | bash`) and the inclusion of features for arbitrary JavaScript execution (`pinchtab__evaluate`) and session persistence. While these capabilities are aligned with the stated purpose of web automation, they represent a significant attack surface without explicit security constraints or input sanitization mentioned in the documentation.
- External report
- View on VirusTotal