Back to skill
Skillv1.0.2
VirusTotal security
OneScience-Skills · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 22, 2026, 12:57 PM
- Hash
- 377f30337af496fee53613d5387182528577322fc9140950766cdcb47c678d4e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: onescience-skills Version: 1.0.2 The bundle provides a comprehensive framework for scientific AI research (OneScience), but contains high-risk instructions in `onescience-installer/SKILL.md` that command the agent to read the user's local `~/.ssh/config` file to identify remote hosts. Additionally, the bundle facilitates automated code generation, remote environment installation via SSH, and job submission to SLURM clusters (`onescience-runtime`, `onescience-debug`), which are powerful capabilities that could be abused. While these behaviors are plausibly aligned with the stated purpose of managing HPC-based scientific workflows, the direct access to sensitive local configuration files and the automated execution of generated scripts on remote systems warrant a suspicious classification.
- External report
- View on VirusTotal