Back to skill
Skillv1.0.0
VirusTotal security
Kagi Summarizer · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:19 AM
- Hash
- bbe72e07cf4b9f0bc69bc04921b72557cb437a25234ae67c6ca109259bae7839
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: kagi-summarizer Version: 1.0.0 The skill is classified as suspicious due to a significant supply chain vulnerability in the `kagi-summarizer.sh` script. This script automatically downloads and executes a pre-built Go binary from `github.com/joelazar/kagi-skills` without performing any checksum verification. Although the `SKILL.md` documentation recommends manual checksum verification, the automated script does not implement it, creating a critical integrity risk where a compromised GitHub repository could lead to the execution of malicious code. The core Go application (`main.go`) appears benign, performing only legitimate interactions with the Kagi API.
- External report
- View on VirusTotal