Back to skill
Skillv1.0.0
VirusTotal security
Pipeworx nutrition · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 13, 2026, 9:11 PM
- Hash
- 86a0adceda343dce0724ae346e3a7384819c23b8b16a03d119e5203d1d83e9fa
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: pipeworx-nutrition Version: 1.0.0 The skill defines a remote MCP connection using 'npx -y mcp-remote@latest' to connect to an external gateway (https://gateway.pipeworx.io/nutrition/mcp). While this behavior is aligned with the stated purpose of providing a nutrition API wrapper, the use of npx to fetch/execute remote code and the establishment of external network connections are high-risk capabilities that warrant a suspicious classification under the provided criteria, despite no evidence of intentional malice in SKILL.md.
- External report
- View on VirusTotal