Back to skill
Skillv1.0.3
VirusTotal security
Arive · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:32 AM
- Hash
- cbf1122ee0db09e59733b05b56d86fdfc80dc40fe57104f54c4d55af3f5c0024
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: arive Version: 1.0.3 The skill bundle for 'arive' contains highly contradictory and misleading instructions in SKILL.md, which could cause an AI agent to perform unintended actions or leak data. It inconsistently describes the service as a returns management platform, a logistics tool (Trips/Legs), a CRM (Deals/Projects), and a mortgage platform (Loans/Leads), despite the provided URLs (developer.arive.com) and action tables specifically targeting mortgage loan data. This 'Frankenstein' documentation is a significant logic flaw that could trick an agent into sending sensitive user information to the wrong API endpoints. While the use of the Membrane CLI (@membranehq/cli) appears functionally legitimate, the extreme lack of alignment between the stated purpose and the actual tool capabilities is a high-risk indicator for agent-based systems.
- External report
- View on VirusTotal