Back to skill
Skillv1.0.3
VirusTotal security
Lightpanda browser · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 11, 2026, 3:30 AM
- Hash
- 862b94a828d9794fe81b72a5958f6b2edf9891f78a0a50c7653925ffed5fe383
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lightpanda-browser Version: 1.0.3 The skill is classified as suspicious due to its reliance on downloading and executing an external binary from a third-party GitHub repository (`https://github.com/lightpanda-io/browser/releases/download/nightly/`) via `scripts/install.sh`. While the script includes checksum verification against the GitHub API, this still introduces a significant supply chain risk. The use of 'nightly' builds further increases this risk, as they are typically less stable and subject to frequent changes, potentially introducing vulnerabilities. There is no evidence of direct malicious intent like data exfiltration or backdoor installation within the provided files, and the `SKILL.md` does not contain prompt injection attempts.
- External report
- View on VirusTotal