Skill v1.0.0

VirusTotal security

Yuzhua (驭爪) - Gesture-Controlled OpenClaw Chat · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 5:18 AM
Hash: 4c18c99c9cdfdbeec620d178ad7ac30b42ac7d2651011a134f6b54063e0f6b30
Source: palm
Verdict: suspicious

Code Insight

Type: OpenClaw Skill
Name: yuzhua
Version: 1.0.0

The skill bundle is designed to install and manage the 'Yuzhua' project by cloning its repository from GitHub and executing its local scripts. The primary security concern lies in scripts/install.sh and scripts/start.sh, which download and execute code from an external source (https://github.com/juguangyuan520-dotcom/Yuzhua.git) without any integrity checks or sandboxing. While this behavior is consistent with the skill's stated purpose, the execution of unverified remote scripts constitutes a significant supply-chain risk and a potential vector for remote code execution.