Back to skill
Skillv1.0.1
VirusTotal security
Hide My Email · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:22 AM
- Hash
- aa9889fef5aa82502d1460f69cee4d303802b4643cc00fea07bde60c6be097ea
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: hide-my-email Version: 1.0.1 The skill is classified as suspicious due to the use of `curl -fsSL ... | sh` as an installation method in `SKILL.md` and `README.md`. While the `install.sh` script provided within this bundle appears benign and performs standard installation steps (cloning from GitHub, copying files, suggesting PATH modification), the `curl | sh` pattern is a significant supply chain vulnerability. It allows arbitrary code execution from a remote source, making the installation process susceptible to compromise if the GitHub repository or CDN were to be maliciously altered. Additionally, the `SKILL.md`'s 'git' install option directly appends to `~/.zshrc` without explicit user confirmation, which, while common for CLI tools, is a direct modification of a user's shell configuration.
- External report
- View on VirusTotal