Skill v1.0.0

VirusTotal security

aiusd-pro · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review · Apr 30, 2026, 6:30 AM
Hash
a89a1ed2d5f2eb1af6efcfda719ea600e0409358a10b77c81a08ba0a79e6400e
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: aiusd-pro
Version: 1.0.0

The skill instructions in SKILL.md direct the AI agent to execute shell commands by wrapping raw user input in single quotes (e.g., `npx -y aiusd-pro send 'user request here'`), which is a classic shell injection vulnerability. Furthermore, the skill relies on `npx -y` to fetch and execute code from the npm registry at runtime, introducing a supply chain risk. While these patterns are likely intended for functionality, the lack of input sanitization and the execution of unverified remote code are high-risk behaviors.