Back to skill
Skillv1.0.3
VirusTotal security
Canvas · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 5:22 AM
- Hash
- 1432fd9cdb4551f6bb59379e8125cbf5de66f09d03cb32083358597920dda90c
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: canvas-integration Version: 1.0.3 The skill requires the agent to install a global NPM package (@membranehq/cli) and execute shell commands to interact with an external third-party platform (Membrane) which acts as a proxy for all Canvas API calls and authentication. While the instructions in SKILL.md are consistent with the stated purpose of the integration, the requirement for high-privilege software installation and the redirection of sensitive educational data through an intermediary service represent significant supply chain and data privacy risks.
- External report
- View on VirusTotal