Back to skill
Skillv1.0.0
VirusTotal security
Deutsche Bahn CLI · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:04 AM
- Hash
- 4683d20077bca040f4110eb4fc191fea5edc4d7259f7fc64a3fe3dba946acb7a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: bahn Version: 1.0.0 The skill instructs the agent to run `npm install` within the `~/Code/bahn-cli` directory. While this command is plausibly needed for setting up the `bahn-cli` tool, it represents a risky capability as `npm install` can download and execute arbitrary code from external dependencies. Since the `bahn-cli` project itself is not included in this bundle, its dependencies and potential for supply chain compromise cannot be assessed, making the instruction to execute `npm install` (found in `SKILL.md`) suspicious due to unverified external code execution.
- External report
- View on VirusTotal