Back to skill
Skillv1.0.0
VirusTotal security
aiusd-core · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:30 AM
- Hash
- 7b316117e83c8e8e1ca6e4a8f5043d566400632d0921b9e34203b409ff12d12c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aiusd-core Version: 1.0.0 The skill bundle for `aiusd-core` is classified as suspicious due to its reliance on high-risk execution patterns and dynamic instruction fetching. It directs the AI agent to use `npx -y` for all commands, which automatically executes remote code from npm, and mandates that the agent run a `guide` command to fetch and 'follow exactly' instructions from a remote source, creating a significant vector for indirect prompt injection. Additionally, the skill includes sensitive capabilities such as wallet restoration from local file paths (`login --restore`) and automated trading based on social media monitoring (`monitor add`), which pose substantial security risks if the underlying CLI or its data sources are compromised. (IOC: https://aiusd.ai)
- External report
- View on VirusTotal