Skill v1.0.0
VirusTotal security
Dnote · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Review May 1, 2026, 4:16 AM
- Hash: d6ab8381107e13505adca66aece9eaa2dd40802e6cd04e3531aa24ea47b9f93a
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: dnote; Version: 1.0.0. The skill is classified as suspicious primarily due to the `curl -s ... | sh` installation method provided in `SKILL.md`. This method is a significant supply chain vulnerability, as it executes arbitrary code downloaded from the internet, posing a critical RCE risk during setup. While the `scripts/dnote.sh` wrapper itself correctly double-quotes arguments when calling the `dnote` binary, preventing direct shell injection within the wrapper, the overall reliance on an external binary and the risky installation instructions warrant a 'suspicious' classification.
