skillvet
skillvet · v · by
50.3
Trust Score
0
Trust Tier
danger
Badge
Score Breakdown
| Factor | Score | Weight |
|---|---|---|
| Static | 0.0 | 15% |
| Permission | 95.0 | 15% |
| Poison | 40.0 | 15% |
| Clickfix | 65.0 | 15% |
| Credential | 100.0 | 15% |
| Twostage | 0.0 | 10% |
| Infrastructure | 0.0 | 5% |
| Typosquat | 100.0 | 5% |
| Age | 10.6 | 3% |
| Popularity | 0.0 | 2% |
Scan Results
STATIC — Score: 0
[CRITICAL] Remote code download and execution via curl pipe
(line 144)
| 21 | Pipe-to-shell | `curl \| bash` (HTTP and HTTPS) |
[CRITICAL] Remote code download and execution via curl pipe
(line 169)
| 46 | GitHub raw content execution | `curl raw.githubusercontent.com/... \| bash` |
[HIGH] Prompt injection or system override attempt
(line 132)
| 9 | Prompt injection in markdown | "ignore previous instructions" in SKILL.md |
[CRITICAL] Remote script download piped to shell execution
(line 144)
| 21 | Pipe-to-shell | `curl \| bash` (HTTP and HTTPS) |
[CRITICAL] Remote script download piped to shell execution
(line 169)
| 46 | GitHub raw content execution | `curl raw.githubusercontent.com/... \| bash` |
[MEDIUM] Fetching content from non-OpenClaw GitHub repositories
(line 169)
| 46 | GitHub raw content execution | `curl raw.githubusercontent.com/... \| bash` |
PERMISSION — Score: 95
[LOW] Skill appears to use network but declares no permissions
POISON — Score: 40
[CRITICAL] Classic prompt injection: ignore previous instructions
(line 132)
| 9 | Prompt injection in markdown | "ignore previous instructions" in SKILL.md |
[HIGH] Content contains alarming words not in description: backdoor, malware
CLICKFIX — Score: 65
[CRITICAL] Instructs chmod +x then execute downloaded file
(line 158)
| 35 | ClickFix download+execute chain | `curl -o /tmp/x && chmod +x && ./x`, `open -a` with downloads |
INFRASTRUCTURE — Score: 0
[CRITICAL] Known malicious IP address: 91.92.242.30
(line 148)
| 25 | Known C2/IOC IP blocklist | 91.92.242.30, 54.91.154.110 (known AMOS C2 servers) |
[CRITICAL] Known malicious domain: glot.io
(line 150)
| 27 | Paste service payloads | glot.io, pastebin.com hosting malicious scripts |
[HIGH] Random-looking subdomain pattern (DGA-like, possible C2)
(line 199)
- [The Hacker News coverage](https://thehackernews.com/2026/02/researchers-find-341-malicious-clawhub.html)
[HIGH] Random-looking subdomain pattern (DGA-like, possible C2)
(line 200)
- [OpenSourceMalware analysis](https://opensourcemalware.com/blog/clawdbot-skills-ganked-your-crypto)
TWOSTAGE — Score: 0
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 144)
| 21 | Pipe-to-shell | `curl \| bash` (HTTP and HTTPS) |
[CRITICAL] Download piped directly to interpreter (two-stage loader)
(line 169)
| 46 | GitHub raw content execution | `curl raw.githubusercontent.com/... \| bash` |
[CRITICAL] Download to /tmp then execute (two-stage loader)
(line 158)
| 35 | ClickFix download+execute chain | `curl -o /tmp/x && chmod +x && ./x`, `open -a` with downloads |
CREDENTIAL — Score: 100
No findings.
TYPOSQUAT — Score: 100
No findings.