Back to skill
Skillv1.0.0
VirusTotal security
myskill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 6:35 AM
- Hash
- 5e58a5b35d99fa9ff74b964939816ad59eb4e67556692fdd2903dffc78b0dfe3
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: he1f Version: 1.0.0 The skill bundle provides the agent with the capability to search for and install third-party software using the 'npx skills add' command with the '-y' flag, which bypasses user confirmation (SKILL.md). While this aligns with the stated purpose of a skill manager, it grants the agent high-privilege control over the system's environment and software supply chain. The included Python script (task_agent_skill.py) is a benign tutorial for the AgentScope framework, though it demonstrates the use of sensitive environment variables like DASHSCOPE_API_KEY.
- External report
- View on VirusTotal