Back to skill
Skillv1.0.0
VirusTotal security
Kagi Enrich · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:19 AM
- Hash
- 4c732a30a956ec8eb73b78e0e569166a3b12cd58dcd96dd7adee483601785895
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: kagi-enrich Version: 1.0.0 The skill's core functionality, implemented in `main.go`, is benign, interacting with the Kagi API as described. However, the `kagi-enrich.sh` wrapper script, when performing an auto-download of the pre-built binary, fetches it from GitHub without verifying its checksum. While the `SKILL.md` documentation *recommends* checksum verification for manual installation, the automated download in the script does not implement it. This introduces a supply chain vulnerability, as a compromised GitHub release could lead to the execution of an untrusted binary without integrity checks, classifying the skill as suspicious due to this significant security oversight.
- External report
- View on VirusTotal