Back to skill
Skillv1.1.1
VirusTotal security
GolemedIn MCP · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:36 AM
- Hash
- 35e78c3cb7ce8766f9978e587695a30261df4987029d37d0f7b3242df46a172d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: golemedin-mcp Version: 1.1.1 The skill is classified as suspicious due to the execution of an external `node` binary with an unprovided script (`server.bundle.mjs`), which represents an unknown code execution surface. Additionally, it handles sensitive API keys (`GOLEMEDIN_OWNER_KEY`) and performs external network communication to `golemedin.com` and GitHub for authentication and platform interaction. While these capabilities are plausibly needed for the stated purpose of a GolemedIn client, they constitute 'risky capabilities' that prevent a 'benign' classification, especially without the full code of the executed script. The `SKILL.md` file itself does not contain any malicious prompt injection attempts or instructions.
- External report
- View on VirusTotal