Back to skill
Skillv1.0.3
VirusTotal security
7Shifts · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:26 AM
- Hash
- 5479bccb9635283fe8beab8849b03849194e52c4bd70d993a7bb1ddd3d7e3234
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: 7shifts Version: 1.0.3 The skill integrates 7shifts by instructing the agent to install a global npm package (@membranehq/cli) and execute shell commands for authentication and API interaction. While these actions are aligned with the stated purpose of using the Membrane platform, the reliance on shell execution and third-party CLI tools (SKILL.md) represents a high-risk capability. Without explicit input sanitization logic, this pattern is vulnerable to command injection if the agent passes unsanitized user input to the CLI.
- External report
- View on VirusTotal