Skill v1.1.0
VirusTotal security
Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 3:53 AM
- Hash: bceaef4b61ddbfe2517d32cb41ecd7c75948f41fe91bd4d50740c492e8b08d59
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: brighty; Version: 1.1.0. This skill is classified as suspicious due to a significant supply chain vulnerability. The `config/mcporter.json` and `SKILL.md` instruct the OpenClaw agent to execute `npx -y github:Maay/brighty_mcp`. This command fetches and runs code directly from an external GitHub repository at runtime, introducing a risk where a compromise of the `Maay/brighty_mcp` repository could lead to arbitrary code execution or financial fraud without requiring an update to the OpenClaw skill bundle itself. While the skill provides high-risk banking capabilities, it also includes explicit safety instructions in `SKILL.md` to confirm sensitive actions with the user, mitigating direct prompt-injection risks for financial transactions.
