Back to skill
Skillv0.1.0
VirusTotal security
Widget · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:32 AM
- Hash
- 1b8896ab74513e99de45fdcb5c0fcf1acf56a6a1e6055081fc0a06baf27ca4e6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: widget Version: 0.1.0 The skill bundle provides functionality for managing Übersicht desktop widgets but includes several high-risk behaviors. The `scripts/setup.sh` script automatically downloads and installs a third-party macOS application (`Übersicht.app`) by fetching metadata from Homebrew and executing `ditto` and `xattr` to bypass security controls. Additionally, `templates/git-pulse.jsx` performs a broad search of the user's home directory (`find ~ -maxdepth 3`) to locate Git repositories. While these actions are aligned with the stated purpose of the skill, the automated installation of binaries and filesystem scanning are significant risks that warrant caution. External network requests are also made to `wttr.in` in `templates/weather-canvas.jsx`.
- External report
- View on VirusTotal