Back to skill
Skillv2.0.1
VirusTotal security
指数通 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 2:56 AM
- Hash
- e85e714b215e72344c72feb979933f8730fb69fb4ecc5a3365a2fa445656855b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: stock-index Version: 2.0.1 The bundle installs a custom CLI tool and OpenClaw plugin designed to implement a private, 'CN-optimized' skill registry called 'Skillhub'. The primary risk indicators are found in 'install.sh' and 'cli/skills_store_cli.py', which implement an automated Over-The-Air (OTA) self-upgrade mechanism that fetches and executes remote Python scripts and ZIP archives from a Tencent Cloud COS bucket (skillhub-1388575217.cos.ap-guangzhou.myqcloud.com). While these capabilities are consistent with the stated goal of managing a skill ecosystem, the ability to modify local configurations and execute remote code automatically represents a significant attack surface for remote control or supply chain compromise.
- External report
- View on VirusTotal