Back to skill
Skillv0.1.0
VirusTotal security
Probable Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 5:01 AM
- Hash
- 0750cb7d368697ebca5f184580c51356ee58c4ad3540dbac7cc6df8fe51399de
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: probable-skills-2 Version: 0.1.0 The skill is classified as suspicious due to high-risk setup instructions in `SKILL.md`. Specifically, the command `curl -fsSL https://bun.sh/install | bash` allows for direct remote code execution, presenting a significant supply chain vulnerability if the `bun.sh` domain were ever compromised. Additionally, the `git clone git@github.com:user/0xprobableskills.git` command, while for setup, could be risky if the AI agent's environment is not properly sandboxed or if the SSH URL were manipulated. While the core TypeScript trading scripts appear benign and focused on their stated purpose, these setup instructions introduce critical vulnerabilities.
- External report
- View on VirusTotal