Back to skill
Skillv1.0.2
VirusTotal security
CHIS/CHISF · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:35 AM
- Hash
- 681298c1f2768172574a332572b1668d08eaea5ad4c661740374ac2e1920d6aa
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: chis-chisf Version: 1.0.2 The skill is classified as suspicious due to a direct command execution instruction found in SKILL.md. Specifically, the markdown instructs the AI agent to execute a local binary at `/Users/zququ/.local/bin/clawhub-install-safe` as a fallback installer. While this action is presented within the context of skill installation, it represents a significant prompt injection risk, as it directs the agent to run an arbitrary local executable based on markdown content. The `scripts/chis-chisf.sh` script, while using safer argument passing to `clawhub`, still wraps commands that handle user-controlled input, relying on the security of the `clawhub` binary itself.
- External report
- View on VirusTotal