Skill v0.1.5

VirusTotal security

Ai Content Pipeline · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review
May 1, 2026, 3:41 AM
Hash
1759d63e938d0da35f16ba276660ef12e8ff77894556880b6d29e8a2215989eb
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: ai-content-pipeline
Version: 0.1.5

The skill is classified as suspicious due to two primary security risks. Firstly, the `SKILL.md` instructs the AI agent to install the `inference.sh` CLI using `curl -fsSL https://cli.inference.sh | sh`. While the skill provides a note explaining the installer's function, executing remote scripts directly via `curl | sh` is a significant supply chain vulnerability, as it relies entirely on the integrity of the remote server and script. Secondly, the `allowed-tools: Bash(infsh *)` permission grants the agent broad capabilities to execute any `infsh` command, which, while used benignly in the provided examples, presents a potential for abuse if the `infsh` CLI itself has vulnerabilities or if the agent is prompted maliciously by a user to execute harmful `infsh` commands.