Back to skill
Skillv1.1.0
VirusTotal security
Spatix · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:33 AM
- Hash
- 7c66928e4f9eb06f793d818bca0f890554f85d92fd60d8ca92471cc9d3f156bc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: spatix Version: 1.1.0 The skill is classified as suspicious due to the instruction to `pip install spatix-mcp` in `SKILL.md`. While this command is presented as a legitimate step to set up an MCP server for the skill, it introduces a supply chain risk by instructing the AI agent to download and execute code from an external package repository (PyPI). There is no direct evidence of malicious intent within the provided files, but the execution of external code via `pip install` is a significant risky capability.
- External report
- View on VirusTotal