Back to skill
Skillvv1.0.1
VirusTotal security
Zerodha · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:13 AM
- Hash
- 19f6cb2b7348d074dfb3fae244876dd7f105a82115fce53e4a5e806a2689e69b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: zerodha-kite Version: v1.0.1 The skill bundle is classified as suspicious due to its installation instructions in `SKILL.md`. It directs the AI agent to download and execute remote scripts directly from `raw.githubusercontent.com` using `curl | sh`, `wget | sh`, and `irm | iex` commands. While the stated purpose is to install a legitimate CLI, this method introduces a significant supply chain vulnerability, allowing arbitrary code execution if the remote repository or script is compromised. There is no direct evidence of malicious intent within the skill bundle itself, but the inherent risk of executing untrusted remote code makes it suspicious.
- External report
- View on VirusTotal