Skill v1.0.0
VirusTotal security
Dependency Audit · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 29, 2026, 4:00 AM
- Hash: d2d4bb2875e03d7cf4061e3357083297b17a8b1684f68e77db10321da752b36f
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: dependency-audit; Version: 1.0.0. The skill is designed to perform a legitimate dependency audit, but it requires and instructs the AI agent to execute a wide range of powerful shell commands (`npm`, `pip`, `cargo`, `npx`, `grep`) with broad file system access (e.g., `grep -rh` to scan all Python files) and network capabilities (for audits and tool installations like `pip install pip-audit`). While these actions are necessary for its stated purpose, the extensive shell execution and file system access capabilities, combined with instructions to install new tools, present a significant attack surface and inherent risk. There is no clear evidence of intentional malicious behavior such as data exfiltration or backdoor installation, but the broad permissions and execution capabilities make it suspicious.
