Back to skill
Skillv0.3.2
VirusTotal security
Declaw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:59 AM
- Hash
- d80da2b37188943f52d0a2e97886651c37532b8813f50dd023dd5b427eef0158
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: declaw Version: 0.3.2 The skill facilitates peer-to-peer messaging over the Yggdrasil IPv6 overlay network, which inherently allows data transmission to external endpoints. A primary concern is the instruction in 'references/install.md' directing users to execute a remote shell script via 'curl | sudo bash' (setup-yggdrasil.sh), a high-risk pattern that could lead to remote code execution. Additionally, the skill encourages agents to connect to and message external 'Bootstrap AI Agents' (hosted on AWS and discovered via a GitHub-hosted JSON file), which could be used for metadata collection or message interception.
- External report
- View on VirusTotal