Back to skill
Skillv0.1.1
VirusTotal security
Openclaw Iterm2 Statusbar · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:50 AM
- Hash
- 17c62680c97634b5a352df3d4c77157e5d4440e68c82ac00dae33aadf6b343bc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: openclaw-iterm2-statusbar Version: 0.1.1 The skill bundle utilizes a high-risk installation pattern in SKILL.md and install.sh, instructing the AI agent to execute a 'curl | bash' command that downloads and runs remote code. The installer establishes persistence by placing a script in the iTerm2 AutoLaunch directory, and the resulting openclaw_status.py script accesses sensitive local files (~/Library/LaunchAgents/ai.openclaw.gateway.plist and ~/.openclaw/openclaw.json) to retrieve authentication tokens. While these actions appear necessary for the stated purpose of monitoring a local OpenClaw gateway, the combination of remote execution, persistence, and credential access is highly risky for an automated agent.
- External report
- View on VirusTotal