Back to skill
Skillv1.1.0
VirusTotal security
Foodpanda.ph Ordering · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:06 AM
- Hash
- 58182d312de7fcc81335226c2a3ef4f2c2e0044d03065d2a544c34a03a48b105
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: foodpanda-order Version: 1.1.0 The skill requires the global installation of an unverified third-party npm package (foodpanda-cli) and handles sensitive session tokens through a browser-based login process. While the instructions in SKILL.md include safety warnings such as requiring user confirmation before placing orders, the reliance on an external CLI tool for financial transactions and account access without a verified source or official affiliation with Foodpanda is a high-risk pattern.
- External report
- View on VirusTotal