Back to skill
Skillv1.2.5
VirusTotal security
Prospairrow Websites MCP · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignMay 1, 2026, 4:25 AM
- Hash
- 054f4545f16d22ffa18ef916472b4f1bcb73444794ce116798a9fbcad5016114
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: prospairrow-websites-mcp Version: 1.2.5 The skill bundle is benign. It implements robust security controls, including strict input validation using Zod, URL allowlisting for browser automation (Playwright) to prevent navigation to arbitrary domains, and capability-based access control that defaults to read-only mode. Sensitive data like API keys are handled securely via environment variables or explicitly configured headers, and browser session storage is saved with restricted file permissions (0o600). The installation script uses `npm install --ignore-scripts` to mitigate supply chain risks, and the local JSON-RPC server binds only to `127.0.0.1`. All documentation, including `SKILL.md`, provides clear instructions and does not contain any prompt injection attempts or misleading information. There is no evidence of intentional harmful behavior such as data exfiltration to unauthorized endpoints, backdoors, or arbitrary code execution.
- External report
- View on VirusTotal