Back to skill
Skillv1.0.0
VirusTotal security
Expanso cve-scan · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 3:43 AM
- Hash
- 3c2595b6c027fef3f626188343d6c3434f0de693e0dbadaeb7cdbc5714383fad
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: expanso-cve-scan Version: 1.0.0 The skill's primary function is to scan SBOMs for CVE vulnerabilities using the OSV API. The `pipeline-cli.yaml` legitimately makes an HTTP POST request to `https://api.osv.dev/v1/querybatch` to perform this core function. There is no evidence of malicious intent, such as data exfiltration, unauthorized command execution, persistence mechanisms, or prompt injection attempts in `SKILL.md` to subvert the agent. The `pipeline-mcp.yaml` is functionally incomplete as it does not perform the actual scan, but this is not a security vulnerability.
- External report
- View on VirusTotal