Back to skill
Skillv1.0.0
VirusTotal security
Moskit · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:13 AM
- Hash
- da5d27c4418cb6a29792b51aa1059d17cb4c2ab6210ba9983688ffc10497e703
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: moskit Version: 1.0.0 The skill facilitates integration with Moskit CRM via the Membrane CLI, requiring high-risk operations such as global NPM package installation (@membranehq/cli) and shell command execution for authentication and API interaction in SKILL.md. There is a notable factual discrepancy where Moskit is incorrectly described as a 'session replay and product analytics tool' (likely a copy-paste error from a tool like PostHog), and the metadata contains a future timestamp (2026). While these capabilities are aligned with the stated purpose of service integration, the broad shell and network access permissions meet the criteria for a suspicious classification.
- External report
- View on VirusTotal