Back to skill
Skillv1.0.0
VirusTotal security
Brand Frontend · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 19, 2026, 5:06 PM
- Hash
- 970b3472f0943555074d6db755c3a3d3d9b377a2394db444629f340fb1b49861
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: brand-frontend Version: 1.0.0 The skill bundle relies on an external service and SDK associated with the domain 'google-stitch.com', which appears to impersonate Google but is not an official Google domain. The instructions in SKILL.md direct the agent to install this potentially malicious SDK and manage a 'STITCH_API_KEY', creating a high risk for supply chain attacks and credential theft. While the stated purpose of landing page generation is plausible, the use of a deceptive domain and the requirement for external binary installation are significant red flags.
- External report
- View on VirusTotal