Back to skill
Skillv1.0.0
VirusTotal security
RentaUnHumano MCP · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 3:52 AM
- Hash
- a521747766bf6fdf5c025f50b1265657028907eda4aab26dcd6bb8ac9b644b12
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: rentaunhumano-mcp Version: 1.0.0 The skill is suspicious due to instructions in `SKILL.md` that pose a significant supply chain risk. Specifically, the setup guide instructs the agent to configure `mcporter` to run `npx -y @rentaunhumano/mcp-server`. The `npx -y` command downloads and executes an arbitrary npm package without user confirmation, which could lead to arbitrary code execution if the `@rentaunhumano/mcp-server` package were compromised or malicious. Additionally, the skill instructs the agent to make an external `curl` call to `https://rentaunhumano.com/api/agents/register` to register an account, involving interaction with an external service.
- External report
- View on VirusTotal