Back to skill
Skillv1.0.3
VirusTotal security
Google Vertex Ai · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 3:26 PM
- Hash
- 7e35e08df81d2af65d6fe99d49b602df47df7b1bc1bd43fdec08b2e4c08ffe88
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: google-vertex-ai Version: 1.0.3 The SKILL.md file instructs the AI agent to perform high-privilege system modifications, specifically the global installation of a third-party CLI tool (npm install -g @membranehq/cli). It also directs the agent to route all Google Vertex AI interactions through a third-party proxy service (Membrane), which introduces supply chain risks and potential data exposure to an intermediary. While these actions are aligned with the stated purpose of the integration, the requirement for global software installation and the reliance on external infrastructure for sensitive cloud operations represent a significant security surface. Additionally, _meta.json contains a future-dated timestamp (2026), which is an unusual anomaly.
- External report
- View on VirusTotal