Skill v0.3.2

VirusTotal security

@kanyun/rush-find-skills · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review
Apr 30, 2026, 4:27 AM
Hash
b533c4acd6f1207639ae5aac6b1ef4860d68324cc1274211c9ac835f0ee0b468
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: rush-find-skills
Version: 0.3.2

The skill is classified as suspicious due to its explicit instructions for the AI agent to perform high-risk operations, including direct shell command execution (`npm`, `npx`, `which`, `reskill`, `mkdir`, `echo`), reading environment variables (`RESKILL_REGISTRY`), and scanning the file system for configuration files (`skills.json`) and agent directories (`.cursor/`, `.claude/`). While these actions are presented as necessary for the stated purpose of finding and installing skills via the `reskill` package manager, they introduce a significant attack surface. A lack of robust input sanitization by the agent when constructing commands from user input or discovered data could lead to shell injection or unauthorized file access, even though the `SKILL.md` itself does not instruct malicious intent.