Back to skill
Skillv1.0.4
VirusTotal security
Ai Company V1.0.4 Temp · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 5:31 PM
- Hash
- 174c31948159cf33abb2d2b3e0858185432cf6578d276907a79c6083b742886b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-company-unified Version: 1.0.4 The skill bundle contains instructions for the agent to perform 'silent' operations without user prompt or mention (SOP-L01 in intelligence.md), specifically for creating a directory structure and registry files. While the stated goal is organizational, instructions to hide actions from the user are a significant security red flag. Additionally, the skill references an external PowerShell script for auto-updates (ai-company-auto-update.ps1) located at a specific hardcoded path on the host system, which could be leveraged for unauthorized code execution if the environment is not strictly controlled. Despite the inclusion of restrictive file permissions and security-conscious code templates in platform-and-infrastructure.md, the combination of stealthy instructions and external script dependencies warrants a suspicious classification.
- External report
- View on VirusTotal