Back to skill
Skillv1.0.1
VirusTotal security
api2cli · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:31 AM
- Hash
- d85f7af6ebc96930fca9e16437527c75ff2dc4d58fa752a0d24e3196163d25f5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: api2cli Version: 1.0.1 The api2cli bundle provides a framework for an AI agent to autonomously generate, build, and publish CLI tools, requiring broad 'shell', 'network', and 'filesystem' permissions. It employs high-risk patterns such as 'curl | bash' for environment setup (SKILL.md) and automates the management of API tokens stored in the filesystem (references/resource-patterns.md). While the documentation includes security-conscious 'pre-flight' checks and requires manual user intervention for npm publishing, the framework's deep integration with public registries and its ability to programmatically modify system PATHs and agent skill directories (references/openclaw.md) create a significant risk profile without clear evidence of malicious intent.
- External report
- View on VirusTotal