Back to skill
Skillv1.0.0
VirusTotal security
Raysurfer Code Caching · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:30 AM
- Hash
- d4438513e84680213281dd3e50deee0671941f2c0c901a42366bccbb151f1bc7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: raysurfer Version: 1.0.0 This skill is classified as suspicious due to its inherent high-risk capabilities, although they align with its stated purpose. The skill instructs the AI agent to read the content of local files (code) and transmit them to an external service (api.raysurfer.com) via POST requests, as seen in `SKILL.md`, `upload.sh`, `upload.py`, and `upload.ts`. Additionally, `SKILL.md` explicitly instructs the agent to execute code retrieved from this external service, which introduces a significant supply chain risk if the external service or cached code were compromised. While these actions are central to a 'code caching' skill, they represent a broad capability for data exfiltration and arbitrary code execution, lacking clear malicious intent from the skill itself but posing a substantial security risk.
- External report
- View on VirusTotal