Back to skill
Skillv1.0.0
VirusTotal security
Auto Building · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:58 AM
- Hash
- 73e8c5df3740c84db9e8384b7de20a76fb363a4fa179378f9682428a24db2c10
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: auto-building Version: 1.0.0 The skill is classified as suspicious due to a significant supply chain vulnerability. The `SKILL.md` file instructs the OpenClaw agent to clone an external GitHub repository (`https://github.com/hasd52636-a11y/Auto_Building_new`) and then execute `npm install` and `npm run dev` on the cloned code. While the instructions themselves do not exhibit malicious intent, this process allows for the execution of arbitrary code from an external, unverified source, posing a remote code execution risk if the upstream repository or its dependencies are compromised. This falls under 'risky capabilities without clear malicious intent' as per the classification guidelines.
- External report
- View on VirusTotal