MintGarden
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: mintgarden Version: 1.0.0 The OpenClaw AgentSkills skill bundle for MintGarden is benign. All files, including code and documentation, align with the stated purpose of browsing and analyzing Chia NFTs via the MintGarden API. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, or obfuscation. The `SKILL.md` file provides instructions for the agent on how to use the skill and format its output, which is standard for a skill bundle and does not contain any prompt injection attempts to subvert the agent's core directives. Dependencies are limited to the legitimate `axios` library, and installation scripts use standard `npm install --production` commands.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill may fetch npm packages and add `mg` and `mintgarden` commands to the user's global CLI path.
The skill asks the user to install npm dependencies and optionally register global CLI commands. This is disclosed and purpose-aligned for a CLI/API client, but it changes the local Node environment.
npm install chmod +x cli.js npm link # Makes 'mg' and 'mintgarden' global
Install only from a trusted copy, review `package.json` and `package-lock.json`, and skip `npm link` unless global CLI commands are needed.
Users have less registry-level assurance about where the code originated.
The registry metadata does not provide an authoritative source or homepage, while the package includes installable code. This is a provenance clarity issue rather than evidence of malicious behavior.
Source: unknown Homepage: none
Verify the package repository and contents before installing, especially if using the manual clone or npm installation path.