Back to skill
Skillv0.1.0
VirusTotal security
Exa Cli · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:19 AM
- Hash
- fe5dc8695f92e0015aa6988bc4f117079119a7d49522dee269003095582fa382
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: exa-cli Version: 0.1.0 The skill bundle contains setup instructions in SKILL.md that employ high-risk execution patterns, specifically a 'curl pipe bash' command (curl -fsSL https://bun.sh/install | bash) to install the Bun runtime. It also instructs the agent to install a third-party CLI tool directly from a specific GitHub user repository (Melvynx/exa-cli) via npx api2cli. While these actions are consistent with the stated goal of providing an Exa AI interface, the reliance on unverified remote script execution and third-party supply chain dependencies poses a significant security risk.
- External report
- View on VirusTotal