Back to skill
Skillv1.0.3
VirusTotal security
Moltbot Security · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:07 AM
- Hash
- 6a74cb35943699db824deb89d24382b940c58b4fda2e1f11a202b17c98ddfa4f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: moltbot-security Version: 1.0.3 The skill's stated purpose is security hardening, which is benign. However, the `SKILL.md` file instructs the AI agent to execute several powerful system commands, including `curl -fsSL https://deb.nodesource.com/setup_22.x | sudo -E bash -`. While intended for a legitimate Node.js update from a known source, this pattern of piping a remote script to `bash` with root privileges represents a significant supply chain risk and a potential Remote Code Execution (RCE) vulnerability if the remote source were compromised. This falls under 'risky capabilities without clear malicious intent' as per the classification guidelines, making the skill suspicious.
- External report
- View on VirusTotal