Back to skill
Skillv1.0.3
VirusTotal security
Ukg Ready · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:26 AM
- Hash
- 4817771135b9a8e40a4b0f0b40cf511b2e1f49c5b52f7a0f7e7e602bfaeb40ee
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ukg-ready Version: 1.0.3 The skill facilitates UKG Ready integration by instructing the agent to install and use a third-party CLI (@membranehq/cli). It involves high-risk behaviors such as global package installation (npm install -g), shell command execution for authentication and action management, and network access to external endpoints (getmembrane.com). While these actions are consistent with the stated purpose of managing HCM data and follow some security best practices (e.g., avoiding local secrets), the reliance on shell-based tooling and external dependencies constitutes a significant attack surface.
- External report
- View on VirusTotal