Back to skill
Skillv1.0.2
VirusTotal security
Grafbase · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:56 AM
- Hash
- be383a946962d0bf50357cc70396fac15e538be402a659f93634a91128494d47
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: grafbase Version: 1.0.2 The skill instructs the AI agent to perform high-risk operations, including the global installation of an external NPM package (@membranehq/cli) and the execution of shell commands to manage Grafbase resources. While these actions are aligned with the stated purpose of the integration, the reliance on shell command construction and global environment modification (SKILL.md) poses a risk of shell injection and unauthorized execution if the agent processes unsanitized user input.
- External report
- View on VirusTotal