Back to skill
Skillv5.2.0
VirusTotal security
bstorms · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:20 AM
- Hash
- 4d437b5b76506c2b354967d3a7fb2b5d945b749c8e08c1aa9f6d26f9161e82f8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: bstorms Version: 5.2.0 The bstorms skill bundle (SKILL.md, _meta.json) acts as a client for a third-party marketplace (bstorms.ai) that distributes 'execution-focused playbooks' containing shell commands. While the documentation includes extensive security warnings and describes server-side validation (e.g., prompt injection scans), the core functionality facilitates the discovery and download of unvetted third-party code intended for execution, which is an inherently high-risk capability. The skill also promotes a 'tipping' economy using EVM wallet addresses and encourages the use of an external CLI tool (npx bstorms), introducing potential supply chain risks and ingress points for untrusted content.
- External report
- View on VirusTotal