Back to skill
Skillv1.1.1
VirusTotal security
Pinterest · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:08 AM
- Hash
- 9a13807a0c8b0ad5051854c217c535b5f5468c138bdba9a8287d8a3e90ed2d3b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pinterest Version: 1.1.1 The skill is classified as suspicious due to the presence of risky capabilities, specifically the runtime installation of dependencies and extensive web scraping. The `scripts/pinterest_api.py` file uses `subprocess.check_call` to install the `httpx` library if it's not found, which, while for a legitimate library, represents a capability to execute arbitrary commands during runtime. Additionally, the script performs web scraping of `pinterest.com` using `httpx` and regex, involving arbitrary network requests and parsing untrusted HTML, which are inherently risky operations. While these actions are plausibly needed for the skill's stated purpose of searching and browsing Pinterest, they constitute 'risky capabilities without clear malicious intent' as per the provided guidelines.
- External report
- View on VirusTotal