Back to skill
Skillv1.0.0
VirusTotal security
shortaaa · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:19 AM
- Hash
- bcaa77225bf08aeb8e2b685c4eacf8e7881519f7597cd2042fbda1b61c55d7ca
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: short Version: 1.0.0 The skill bundle instructs the AI agent to perform a 'curl | sh' operation from 'https://cli.inference.sh' to install its dependencies. This pattern is a high-risk behavior that allows for arbitrary remote code execution (RCE) and bypasses standard security verification, even though it is presented as a standard installation step. While there is no explicit evidence of malicious intent or data exfiltration, the reliance on unverified remote scripts for environment setup is a significant security concern in an automated agent context.
- External report
- View on VirusTotal