Back to skill
Skillv1.0.0
VirusTotal security
Artifacts Builder Pro · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:13 AM
- Hash
- 44a363a1ee91a7c3d62256223cf3f85f013250ac104543ff5aec7d7a0fa5bea5
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: artifacts-builder-pro Version: 1.0.0 The skill bundle provides a functional environment for building React artifacts but employs high-risk behaviors such as global package installation ('npm install -g pnpm'), arbitrary shell script execution, and local archive extraction ('tar -xzf') within 'scripts/init-artifact.sh' and 'scripts/bundle-artifact.sh'. While these actions are plausibly necessary for the stated purpose of setting up a frontend development environment, the broad system access and potential for supply chain risks via the opaque 'shadcn-components.tar.gz' meet the threshold for a suspicious classification.
- External report
- View on VirusTotal