Back to skill
Skillv0.1.0
VirusTotal security
Ambit Cli · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:22 AM
- Hash
- e4c69002da30e98ad55fef3d667dc190973b37510c501ee3c4e596a43dc3b63b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ambit-cli Version: 0.1.0 The skill bundle is classified as suspicious due to several high-risk behaviors and supply chain vulnerabilities, despite lacking explicit malicious intent. The `SKILL.md` instructs the agent to execute an external `npx` package (`npx @cardelli/ambit`) and to download and deploy remote templates from GitHub (`ToxicPine/ambit-templates`), both of which introduce significant supply chain risks. Furthermore, the skill requires the agent to handle sensitive `TAILSCALE_API_TOKEN`s and perform privileged operations (`sudo tailscale set --accept-routes`), increasing the potential attack surface if any of the external dependencies were compromised or if the agent were to be prompted maliciously.
- External report
- View on VirusTotal