Back to skill
Skillv1.0.7
VirusTotal security
Perp Lobster · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:12 AM
- Hash
- 3d7b1bf0f4c82424645455edaebae738fc08861868afb34d728e79191de75427
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: perp-lobster Version: 1.0.7 The skill is classified as suspicious due to its reliance on downloading and executing code from an external GitHub repository (`git clone https://github.com/ThisNewMark/perplobster.git`) for financial trading operations. While the `SKILL.md` includes good security practices like explicit instructions not to handle private keys in chat, requiring user approval for `setup.sh`, and transparent command execution, the fundamental act of fetching and running arbitrary scripts from a remote source introduces a significant supply chain vulnerability and potential for remote code execution if the external repository were compromised. There is no evidence of intentional malicious behavior within the provided skill bundle itself, but the high-risk capabilities and external dependency warrant a 'suspicious' classification.
- External report
- View on VirusTotal