Back to skill
Skillv1.1.0
VirusTotal security
ShipStation Orders · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:19 AM
- Hash
- 3be280631239e1c4618f1188e7bef2d8283d1f363321023d25eab244c693aec1
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: shipstation-orders Version: 1.1.0 The OpenClaw skill 'shipstation-orders' is designed to monitor ShipStation orders for new activity and issues. It legitimately requires ShipStation API credentials (key and secret) which are read from a local `.env` file or environment variables and used to communicate with the official ShipStation API (`https://ssapi.shipstation.com`). The skill manages its state using local `state.json` and `shipping-state.json` files. All instructions in `SKILL.md` and `README.md` are benign, guiding the AI agent to execute the scripts and process their output as intended for order monitoring and alerting. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or prompt injection attempts against the agent. The custom `loadEnv` function is a minor robustness flaw but not a security vulnerability.
- External report
- View on VirusTotal