Back to skill
Skillv0.1.1
VirusTotal security
Phenosnap Phenotype Extractor · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:17 AM
- Hash
- e65399ff38956de7ce83993b36f802eed3e8a56ce11029b7dfbf34eab3a37703
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: phenoskill Version: 0.1.1 This skill is classified as suspicious due to its high-risk capabilities involving the download and execution of external code and dependencies. Specifically, it downloads and executes `get-pip.py` from `bootstrap.pypa.io` and the `PhenoSnap` project from `github.com/WGLab/PhenoSnap`, followed by `pip install -r requirements.txt` (SKILL.md). While these actions are intended for legitimate dependency management and bootstrapping, they introduce significant supply chain vulnerabilities, as a compromise of any upstream source (GitHub, PyPI, pypa.io) could lead to arbitrary code execution on the host system. There is no evidence of intentional malicious behavior, such as data exfiltration (explicitly forbidden in SKILL.md) or persistence mechanisms, but the broad execution capabilities warrant a 'suspicious' classification.
- External report
- View on VirusTotal