Back to skill
Skillv1.0.0
VirusTotal security
Find Skills · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:57 AM
- Hash
- 84bc526e96281f79b5fcebccb0ba5641074bd3d3ac127d22f7fdb911acda8244
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: discover-skills Version: 1.0.0 The skill bundle acts as a documentation wrapper for the 'SkillBoss' API (api.heybossai.com), which claims to provide access to non-existent models such as 'openai/gpt-5' and 'bedrock/claude-4-6-opus'. It requests 'Bash' and 'Read' permissions to execute curl commands for high-risk activities including sending emails, SMS verification, and web scraping. The deceptive model listings and references to a missing 'run.mjs' execution script in the sub-markdown files (e.g., audio-models.md) suggest the bundle may be unreliable or intended for deceptive purposes, though no direct evidence of intentional malware or data exfiltration was found.
- External report
- View on VirusTotal