Back to skill
Skillv1.0.4
VirusTotal security
Contentful · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:46 PM
- Hash
- 756810b4f7e278f61c69b8fdb98bf35daa1791d76ec5c9cbcb682bae15a502ef
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: contentful Version: 1.0.4 The `SKILL.md` file instructs the agent to install a global npm package (`@membranehq/cli`) and perform network requests via a proxy command (`membrane request`). It also directs the agent to follow dynamic `agentInstructions` returned by the CLI, which could serve as a vector for indirect prompt injection. While these capabilities are aligned with the stated purpose of Contentful integration, the combination of global shell execution and arbitrary network access constitutes high-risk behavior that warrants a suspicious classification under the provided criteria.
- External report
- View on VirusTotal