Skillv1.0.25

VirusTotal security

Soulprint · External malware reputation and Code Insight signals for this exact artifact hash.

ReviewApr 30, 2026, 4:29 AM

Hash: b07ed282d37b8b4c6de2b86dc7c039030cc61cf0621f7228f5858c695a461b60
Source: palm
Verdict: suspicious
Code Insight: Type: OpenClaw Skill Name: soulprint Version: 1.0.25 The skill is classified as suspicious due to its reliance on external npm packages (`soulprint`, `soulprint-network`, `mcp-colombia-hub`) executed via `npx` commands, which introduces a supply chain risk if these packages are compromised. Additionally, the instructions in `SKILL.md` detail the handling of highly sensitive identity data (OCR, face recognition, biometric proof) and private keys for validator nodes, along with making external network calls to blockchain networks and a government registry, representing significant inherent risks even if for the stated purpose.
External report: View on VirusTotal