Back to skill
Skillv1.0.0
VirusTotal security
Jst Erp · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 22, 2026, 1:52 PM
- Hash
- 935e0ecba20dbc99fe33f7110599cf285ff161ba96413cf4d59e039c23016882
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: jst-erp Version: 1.0.0 The skill requires the agent to install a global NPM package (@membranehq/cli) and provides instructions for dynamically creating and executing remote actions via the Membrane platform. While these capabilities are consistent with the stated purpose of ERP integration, the requirement for global installation and arbitrary remote execution (via 'membrane action create') represents a high-risk security surface. No evidence of intentional malice or data exfiltration was found in SKILL.md or _meta.json.
- External report
- View on VirusTotal