Back to skill
Skillv1.0.0
VirusTotal security
Sonoscli · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:00 AM
- Hash
- b1310f36a3629dc77c67e415fbfa123bf5c37433e1a963da50597a3f2eeac13c
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: sonoscli Version: 1.0.0 The skill bundle is benign. It installs the `sonoscli` tool from a public Go module (`github.com/steipete/sonoscli`) and provides instructions for controlling Sonos speakers. The `SKILL.md` mentions the optional requirement for `SPOTIFY_CLIENT_ID/SECRET` environment variables for Spotify search functionality, which is a standard practice for API integrations and does not indicate any attempt at credential exfiltration or prompt injection against the agent.
- External report
- View on VirusTotal