Back to skill
Skillv1.0.4
VirusTotal security
Recruitee · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 7:01 PM
- Hash
- 42539303a958a847093a39cf29515757740e173f07964256575e6b5ebd0180f8
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: recruitee Version: 1.0.4 The skill bundle facilitates integration with the Recruitee ATS by instructing the agent to install a global NPM package (@membranehq/cli) and execute various shell commands for authentication and data management (SKILL.md). While these capabilities are aligned with the stated purpose of using the Membrane platform, the reliance on global software installation and direct shell/network access constitutes high-risk behavior under the provided criteria. Additionally, the _meta.json file contains a future-dated publishedAt timestamp (April 2026), which is an unusual anomaly, though no clear evidence of intentional malice or data exfiltration was found.
- External report
- View on VirusTotal