Back to skill
Skillv1.0.3
VirusTotal security
Webinarfuel · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 22, 2026, 2:36 PM
- Hash
- 7444a5050ee52b54f21e27339ee419772e19e39d8f25c7e7fed4bac103573ce5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: webinarfuel Version: 1.0.3 The skill facilitates WebinarFuel integration by instructing the agent to install a global NPM package (@membranehq/cli) and execute shell commands for authentication and API interaction. While these actions are aligned with the stated purpose, the reliance on shell execution for passing parameters (e.g., in 'membrane action run') introduces a risk of shell injection if input is not properly sanitized by the agent. Additionally, the skill utilizes a remote service (Membrane) to dynamically generate and execute actions, which is a high-risk capability, although no evidence of intentional malice or data exfiltration was found in SKILL.md or _meta.json.
- External report
- View on VirusTotal