Back to skill
Skillv1.0.0
VirusTotal security
Genviral Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:59 AM
- Hash
- 5871501abb7518d9bed839e89030fa39240012d4b851ff3564781e867c27cade
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: genviral-skill Version: 1.0.0 The skill is suspicious due to a supply chain vulnerability in `scripts/update-skill.sh`, which fetches updates from GitHub without cryptographic signature verification, potentially allowing a compromised upstream repository to push malicious code. While the core `scripts/genviral.sh` script employs robust input validation and JSON handling, and the agent's markdown instructions are benign and security-conscious, the update mechanism presents a critical flaw.
- External report
- View on VirusTotal