Back to skill
Skillv1.0.3
VirusTotal security
Snipe It · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 22, 2026, 1:51 PM
- Hash
- 238e5494546a4510596a652d4ba027af8713018b84e22ee9248a1ef06f87737e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: snipe-it Version: 1.0.3 The skill requires the installation of a global npm package (@membranehq/cli) and delegates authentication and logic execution to an external third-party service (Membrane). It instructs the agent to dynamically generate and execute actions via this service, which introduces significant supply chain risks and requires high-privilege shell access. While these capabilities are plausibly needed for the stated Snipe IT integration, the reliance on remote code orchestration and global package installation warrants caution.
- External report
- View on VirusTotal