Back to skill
Skillv1.0.3
VirusTotal security
Appdrag · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:42 AM
- Hash
- 1cf1ed261dbc64cc2818706715248f0ea06bbd0b839a3f2c62051ee0d637cac1
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: appdrag Version: 1.0.3 The skill facilitates integration with the AppDrag platform via the Membrane CLI. It is classified as suspicious because it requires high-risk operations, including the global installation of an external NPM package (`@membranehq/cli`) and provides actions for raw SQL execution (`execute-raw-sql-query`) and email dispatch. While these capabilities are plausibly necessary for managing a website builder and database, the combination of global shell-level installation and direct database manipulation represents a significant security risk and a broad attack surface as defined in the analysis criteria.
- External report
- View on VirusTotal