Back to skill
Skillv0.13.0
VirusTotal security
Mirroir · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:09 AM
- Hash
- f650631180d6e5bd3fdde5bbaba957cac7f12d5eb478754ff6b8ea7de550b351
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mirroir Version: 0.13.0 The skill is classified as suspicious primarily due to its installation method, which involves a `curl | bash` command (`/bin/bash -c "$(curl -fsSL https://mirroir.dev/get-mirroir.sh)"` in SKILL.md). This command executes arbitrary code downloaded from an external domain (`mirroir.dev`), posing a significant supply chain risk and allowing for potential arbitrary code execution. Furthermore, the skill automatically installs and configures Karabiner-Elements, a powerful system utility requiring deep system access (DriverKit extension, Accessibility permissions), and explicitly requires Screen Recording and Accessibility permissions, granting it extensive control and visibility over the user's macOS system and iPhone interactions. While the stated purpose is legitimate iPhone control, the installation method and required permissions introduce severe security vulnerabilities.
- External report
- View on VirusTotal