Back to skill
Skillv1.0.0
VirusTotal security
Bring Add · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 29, 2026, 3:06 AM
- Hash
- 053c6c138015ecf4d624936a16928b52dcd030819816eeb31adb0174473957d1
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: bring-add Version: 1.0.0 The skill 'bring-add' is a CLI tool designed to add items to Bring! shopping lists. It explicitly requires `BRING_EMAIL` and `BRING_PASSWORD` environment variables for authentication with the Bring! API, which is clearly documented in `SKILL.md` and `README.md` and handled in `index.js`. The code uses standard Node.js I/O and the `bring-shopping` library to perform its stated function. There is no evidence of data exfiltration beyond necessary API credentials, malicious execution (e.g., `eval`, `exec` of untrusted input), persistence mechanisms, or prompt injection attempts against the AI agent. The dependencies are standard for a CLI application, and the overall behavior is strictly aligned with its described purpose.
- External report
- View on VirusTotal