Back to skill
Skillv1.0.0
VirusTotal security
Sefaria API MCP · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:20 AM
- Hash
- 2c5d97e1cec61155e0fbfa0d50a44dbfb08cc768ff832d8328dc70d4fad9dfc6
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: sefaria-api-mcp Version: 1.0.0 The skill includes a 'connect' tool in skill.js that executes a local command ('node dist/index.js') to start an MCP server. While this behavior is aligned with the stated purpose, the execution of local scripts is a high-risk capability, especially as the actual server code resides in an external repository (https://github.com/davad00/sefaria-api-mcp.git) and is not provided for review. No evidence of intentional malice or data exfiltration was found in the bundle files.
- External report
- View on VirusTotal