Back to skill
Skillv1.0.0
VirusTotal security
Lukso Expert · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:13 AM
- Hash
- 4dfe80a55024b7e3982ce26c6d7b898d5e9c0ef1768b8ef5f8f45b1cc05365bc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lukso-expert Version: 1.0.0 The skill bundle contains instructions and code snippets that present significant vulnerabilities. Specifically, `references/ecosystem.md` includes the instruction `curl https://install.lukso.network | sh`, which is a direct shell command to download and execute a remote script. This constitutes a critical Remote Code Execution (RCE) vulnerability if the AI agent were to execute it, as it allows arbitrary code from an external source to run. Additionally, `references/dev-patterns.md` uses `process.env.PRIVATE_KEY!` in code examples, which, while common in development, exposes sensitive information if the execution environment is compromised. These are vulnerabilities that allow attacks, classifying the bundle as suspicious rather than malicious.
- External report
- View on VirusTotal