Back to skill
Skillv1.0.0
VirusTotal security
N2 Stitch MCP · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:53 AM
- Hash
- 78307bdc6803db542d39c9231b7528a0b02aa306a343ecc04edfba954703a405
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: n2-stitch-mcp Version: 1.0.0 The `SKILL.md` file instructs the OpenClaw agent to execute an external npm package via `npx -y n2-stitch-mcp`. This command fetches and runs code from the npm registry, introducing a significant supply chain risk and a potential remote code execution vulnerability if the external package were compromised or malicious. While the stated purpose is to provide a resilient proxy, the method of execution involves running arbitrary external code, which is a high-risk behavior.
- External report
- View on VirusTotal