Back to skill
Skillv0.1.0
VirusTotal security
Find Docs · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 21, 2026, 5:56 PM
- Hash
- bfdb194c2c33d2cbbd8be7f52ba982b4f4e2dc5345dded0b021e6a5e2b002650
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: find-docs Version: 0.1.0 The skill 'find-docs' (SKILL.md) facilitates technical documentation retrieval by instructing the agent to install and execute the external 'ctx7' CLI tool via npm. It is classified as suspicious because it involves high-risk behaviors such as global package installation ('npm install -g ctx7') and the execution of shell commands using user-provided input ('ctx7 library <name> <query>'), which creates a potential shell injection surface. While the instructions include security warnings regarding sensitive data and the behavior aligns with the stated purpose, the reliance on external binaries and unvalidated input parameters represents a significant attack surface.
- External report
- View on VirusTotal