Back to skill
Skillv1.0.0
VirusTotal security
Spec Kit · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:45 AM
- Hash
- 2fe3e87124e0181da24f42594dc0ecd57cd5838a013b9b5b4029911c80dca6ef
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: spec-kit Version: 1.0.0 The OpenClaw AgentSkills skill bundle for 'spec-kit' appears benign. The `SKILL.md` provides clear documentation and instructions for using a spec-driven development tool. It primarily instructs the AI agent on how to interpret user commands (e.g., `/speckit.specify`) and how to execute the `uvx` command to fetch and run the 'spec-kit' tool from a GitHub repository (`https://github.com/github/spec-kit.git`). There is no evidence of prompt injection attempting to subvert the agent's behavior, no instructions for data exfiltration, persistence, or other malicious activities. The external URLs point to legitimate GitHub domains, and the `uvx` command is a standard way to execute tools from remote repositories.
- External report
- View on VirusTotal