Back to skill
Skillv1.2.0
VirusTotal security
Reddit Search · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:48 AM
- Hash
- 77a71a8affb2ef783dd04733f8dbc811bf6bc68ca498fddbe136a10c9116609d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: reddit-api Version: 1.2.0 The skill is classified as suspicious due to its reliance on installing and executing a third-party `mcporter` binary via `npm` (as specified in `SKILL.md`). This introduces a significant supply chain vulnerability, as the `mcporter` package itself could contain malicious code, leading to arbitrary code execution (RCE) on the agent's system. While the stated purpose of the skill (Reddit search via xpoz.ai) appears benign, the black-box nature of the `mcporter` binary and its communication with `mcp.xpoz.ai` represent an untrusted dependency and a potential attack vector, even without explicit malicious instructions in the provided files.
- External report
- View on VirusTotal