Back to skill
Skillv1.0.1
VirusTotal security
boss-geek · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 23, 2026, 12:36 PM
- Hash
- 809e0eb754a8683808c7873f39cfcfd6b880f6f311cc2fb594e8e288a718ea3f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: boss-geek Version: 1.0.1 The skill bundle functions as a set of instructions for an AI agent to install and use external software, specifically a global NPM package (@jackwener/opencli) and a plugin from a GitHub repository (SPYQWER1/opencli-plugin-boss-geek). This introduces significant supply chain risks, as the agent is directed to execute installation commands for unverified third-party code that requires access to the user's browser session and login state on zhipin.com. While the stated intent is job-seeking automation, the reliance on external, potentially unvetted execution environments and the requirement for broad permissions make it high-risk.
- External report
- View on VirusTotal