Back to skill
Skillv1.0.2
VirusTotal security
Namely · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:19 AM
- Hash
- 3afe7ad2d3761f8d164afb313c1338823d02f14c5a8f08310c8f08694922c439
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: namely Version: 1.0.2 The skill provides instructions for managing Namely HRIS data using the Membrane CLI, which involves high-risk operations such as global npm installation (@membranehq/cli), shell command execution, and network access. While these capabilities are aligned with the stated purpose of the integration, the pattern of constructing shell commands with JSON input strings in SKILL.md presents a potential shell injection surface. Per the provided criteria, the presence of these risky capabilities—even when plausibly needed—warrants a suspicious classification.
- External report
- View on VirusTotal