Back to skill
Skillv1.0.0
VirusTotal security
Kirk Content Pipeline · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:00 AM
- Hash
- 384c3ad0c7499e3468a14682c1aaf96a571593f5f7464b6266184fdf086036d6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: kirk-content-pipeline Version: 1.0.0 The skill is classified as suspicious due to explicit instructions to bypass security controls and the presence of a known deserialization vulnerability. Specifically, `SKILL.md` instructs the agent to create a symlink from `/Users/Shared/ksvc/pdfs/YYYYMMDD` into its project directory (`.claude/pdfs-scan`) to circumvent subagent sandboxing, which is a deliberate security bypass. Additionally, the `scripts/build_extraction_cache.py` script deserializes `state.pkl` using `pickle.load`, a known vulnerability that could lead to arbitrary code execution if a malicious pickle file is introduced. The skill also makes external network calls to `kicksvc.online` for stock holdings checks, a custom domain that warrants scrutiny, though its use is aligned with the stated purpose.
- External report
- View on VirusTotal