Back to skill
Skillv1.0.0
VirusTotal security
Paperclip · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 5:29 AM
- Hash
- cd991e1f2fef3de762bc2840b269591d88de6c593b665550103497f2038a5b91
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: paperclip Version: 1.0.0 The skill bundle facilitates the management of the Paperclip AI orchestration framework, requiring high-risk capabilities such as shell command execution (npx, pnpm), file system access (~/paperclip/), and network communication (curl). While these actions are aligned with the stated purpose of setting up and operating an agent control plane, the use of 'npx paperclipai onboard --yes' and direct API interactions via curl (as seen in SKILL.md, quickstart.md, and operations.md) represent a significant attack surface. No evidence of intentional malice, data exfiltration, or obfuscation was found, but the broad execution permissions qualify the bundle as suspicious under the provided criteria.
- External report
- View on VirusTotal