Back to skill
Skillv1.0.2
VirusTotal security
Silmaril Ranger · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:44 AM
- Hash
- d25f2f6efd861bd0d0f0e07e69ea2f847922ef83b0b48f5496d5ca50bb67e93b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: silmaril-cdp Version: 1.0.2 The skill bundle provides a wrapper for the 'Silmaril CDP' toolkit, which includes high-risk capabilities such as arbitrary JavaScript execution (eval-js) and local traffic interception/modification via mitmproxy (proxy-override). It instructs the agent to download the toolkit from an external GitHub repository (github.com/Malac12/CDP-tools.git) and executes commands using PowerShell with 'ExecutionPolicy Bypass'. While the instructions include safety warnings and require explicit flags for risky actions, the combination of remote code fetching, traffic manipulation, and hardcoded local paths (e.g., C:\Users\hangx\) warrants a suspicious classification.
- External report
- View on VirusTotal