Back to skill
Skillv1.0.0
VirusTotal security
Ordercli · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:00 AM
- Hash
- d43ca2e2626b26bef1ad3091be28f3b8f8f4109b60d449438985366f620179bd
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ordercli Version: 1.0.0 The skill bundle is suspicious due to instructions in `SKILL.md` that direct the agent to execute commands accessing sensitive browser data. Specifically, `ordercli foodora cookies chrome --profile "Default"` and `ordercli foodora session chrome --url https://www.foodora.at/ --profile "Default"` instruct the agent to read Chrome browser cookies and session information. While framed as importing for the `ordercli` tool's functionality, this capability represents a significant security risk, as it involves accessing data from another application (Chrome) that could contain credentials or session tokens, making it a potential vector for data exfiltration if the `ordercli` binary itself were compromised or malicious.
- External report
- View on VirusTotal