Back to skill
Skillv1.0.3
VirusTotal security
Lucca · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 22, 2026, 2:17 PM
- Hash
- 6f11833d29a7feeb1bdddbd01d1ef2414abe11708e9088a593611e323662171d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: lucca Version: 1.0.3 The skill instructions in SKILL.md direct the AI agent to perform high-risk operations, including a global package installation (npm install -g @membranehq/cli) and the execution of shell commands (membrane action run) that may incorporate user-provided input, which presents a risk of command injection. While these actions are aligned with the stated purpose of integrating with the Lucca HR platform via the Membrane service (getmembrane.com), the reliance on shell execution and external network access constitutes a risky capability profile as defined in the analysis criteria.
- External report
- View on VirusTotal