Back to skill
Skillv1.0.0
VirusTotal security
Lightpanda Browser · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 18, 2026, 2:56 AM
- Hash
- cc73c0e1984a35df549b811270865d951cdb1bc948ecade02acd8f02ae0400c9
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lightpanda Version: 1.0.0 The skill instructions in SKILL.md direct the agent to download a binary from a remote GitHub repository and grant it execution permissions (curl | chmod +x). While the tool (Lightpanda) appears to be a legitimate project, the practice of downloading and executing unverified binaries without checksum or signature validation is a high-risk security pattern that could lead to Remote Code Execution (RCE) or supply chain compromise.
- External report
- View on VirusTotal