Back to skill
Skillv0.1.0
VirusTotal security
ClawGuard Scanner · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:37 AM
- Hash
- fe9253bb11acb5dc9e676f8bcabb75fd5c4575eefecd39937a43f7fe239ecaae
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: clawguard-scanner Version: 0.1.0 The skill functions as a security gatekeeper, using SKILL.md instructions to mandate that the AI agent execute an external npm package ('npx clawguard') before installing any other skill. While the stated intent is defensive, this creates a high-risk behavioral override where the agent is directed to run external code as a prerequisite for standard operations, effectively intercepting the installation flow. The reliance on a third-party package (hosted at a GitHub repository with a potentially placeholder name 'Frrrrrrrrank') to perform 'critical' security checks on local directories constitutes a significant risk and permission overreach without explicit evidence of the external package's integrity.
- External report
- View on VirusTotal