Back to skill
Skillv0.2.6
VirusTotal security
Arpc · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:35 AM
- Hash
- 68bc7114272108c19bacaaca0d07f232836f48ddd5d65f8a4e47571ba77f521c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: arpc Version: 0.2.6 The skill is classified as suspicious due to two primary high-risk behaviors, despite its stated benign purpose and strong defensive instructions. First, the `SKILL.md` and `references/installation.md` instruct the agent to install the `arpc` binary via `curl -fsSL https://arp.offgrid.ing/install.sh | bash`. This `curl | bash` pattern is a significant supply chain vulnerability, as the integrity of the remote script cannot be guaranteed. Second, `references/installation.md` contains Python, jq, and Node.js scripts designed to programmatically read sensitive OpenClaw configuration files (e.g., `~/.openclaw/openclaw.json`, `~/.clawdbot/*.json`, `~/.openclaw/agents/main/sessions/*.jsonl`) to extract the OpenClaw gateway token and session key. While this is for local integration with the OpenClaw bridge and the skill provides explicit security warnings and sets secure file permissions (`chmod 600`) for its own config, the direct access and handling of these critical credentials represent a meaningful high-risk capability.
- External report
- View on VirusTotal