Back to skill
Skillv1.0.1
VirusTotal security
MenuVision · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:23 AM
- Hash
- f664594f2a4164d87a6c2c1c1184688d1d8d4421832481d13670a66ca8a65020
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: menuvision Version: 1.0.1 The skill bundle is classified as suspicious due to its extensive use of high-risk capabilities, including the execution of `git` commands with a `GITHUB_PAT` for publishing to GitHub Pages, the installation and use of `playwright` (a headless browser) for web scraping, and broad file system access. While these capabilities are necessary for the skill's stated purpose of building and optionally publishing restaurant menus, they introduce significant attack surface and potential for misuse. There is no clear evidence of intentional malicious behavior (e.g., data exfiltration to unauthorized endpoints, persistence mechanisms, or obfuscation) within the `SKILL.md` instructions or implied code logic. However, the power of these operations, particularly the `GITHUB_PAT` for authenticated `git push` and the `playwright` browser, means that a compromised agent or a malicious input URL could lead to severe consequences, classifying it beyond benign.
- External report
- View on VirusTotal