Back to skill
Skillv1.0.0
VirusTotal security
Gov Contracts · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:48 AM
- Hash
- 656b75da9a0822c4e70603d5b284d12dedf42e051a34fcdafa4db4ed3b19218f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: gov-contracts Version: 1.0.0 The skill bundle is classified as suspicious due to its reliance on an external, third-party hosted service (`https://gov-contracts-mcp.apify.actor/mcp`) for its core functionality, as specified in the `SKILL.md` setup instructions. While the stated purpose is benign and there are no explicit prompt injection attempts or malicious code within the provided files, this external dependency introduces a significant supply chain risk. The behavior of the skill could change at any time if the remote service on `apify.actor` were compromised or altered, without any update to the local skill bundle.
- External report
- View on VirusTotal