Back to skill
Skillv1.0.0
VirusTotal security
Skill Dependency Chain Auditor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:26 AM
- Hash
- 8bda8919190a4befd1833b117e2f8dd9bdafc6f5d1dfd32f96a7b5ef7bd378ef
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: skill-dependency-chain-auditor Version: 1.0.0 The skill bundle describes a 'skill-dependency-chain-auditor' designed to identify vulnerabilities in transitive skill dependencies. The `SKILL.md` clearly outlines its purpose, how it works, and the types of risks it aims to detect (e.g., undeclared network capabilities, unpinned versions, trust degradation). It requires `curl` and `python3`, which are plausible tools for fetching and processing skill metadata in an auditing context. There is no evidence of prompt injection attempts against the AI agent, nor any indication of malicious intent such as data exfiltration, unauthorized execution, or persistence mechanisms. The skill's documentation consistently focuses on identifying and mitigating security risks in *other* skills, not performing them itself.
- External report
- View on VirusTotal