Back to skill
Skillv0.1.8
VirusTotal security
Nummo · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:49 AM
- Hash
- 3413349136040fc3fec2d6cd9e3d406ecfcf742884de71519d25c0d84cc09cd9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: nummo Version: 0.1.8 The `reference/install.md` file instructs users to install the CLI binary using `curl -fsSL https://nummo.ai/install | sh`. This method executes a script downloaded from a remote URL (`https://nummo.ai/install`) directly, posing a significant supply chain risk and potential for arbitrary code execution if the remote server is compromised or the script itself is malicious. While the `SKILL.md` describes a legitimate (though sensitive) financial management skill and includes good agent guidelines, the `curl | sh` installation method introduces a critical security vulnerability, classifying it as suspicious due to high-risk capabilities without clear malicious intent within the provided files.
- External report
- View on VirusTotal