Back to skill
Skillv1.0.0
VirusTotal security
Clawdhub 1.0.0 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:06 AM
- Hash
- 903decd2add221e5a5b75541b8b3a52d5b3e126b7d9f653a7753ded64c3a2380
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawdhub-1-0-0 Version: 1.0.0 The skill bundle is suspicious because it directly instructs the AI agent via `SKILL.md` to install a global npm package (`clawdhub`) which grants broad system access. This action, while aligned with the stated purpose of a skill management tool, introduces a significant supply chain risk, as the security of this skill heavily depends on the integrity of the `clawdhub` npm package and the `clawdhub.com` registry it interacts with. There is no clear evidence of intentional malicious behavior within the provided files, but the high-privilege operations and external dependencies warrant a suspicious classification.
- External report
- View on VirusTotal