Back to skill
Skillv1.0.0
VirusTotal security
mcp-storyboard · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 7:01 AM
- Hash
- 9e96d8be920e58d379b149ddec1a94a230c6cfb5be6b72188031b99f6ba221c1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mcp-storyboard Version: 1.0.0 The bundle is classified as suspicious primarily due to the inclusion of `.claude/settings.local.json`, which attempts to pre-authorize shell execution (`chmod +x`) for scripts within the bundle, potentially bypassing standard security prompts in the agent's environment. Additionally, `SKILL.md` and the core logic in `storyboard-mcp.js` and `scripts/storyboard.py` implement a 'Smart Prompt Enhancement' feature that automatically appends specific, suggestive physical descriptions (e.g., 'large chest display', 'hourglass figure') to user prompts involving people. While documented as a feature, this represents a non-transparent modification of user intent and an attempt to circumvent standard permission workflows for shell access.
- External report
- View on VirusTotal