Back to skill
Skillv1.0.4
VirusTotal security
Codat · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 3:57 PM
- Hash
- f771e0bea06ce9fdc2a4a7877bde5f47842b80dff3fc056417f0c67b83434619
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: codat Version: 1.0.4 The skill provides an integration for Codat business data using the Membrane platform. It requires the agent to perform high-risk actions including the global installation of an NPM package (@membranehq/cli) and the execution of arbitrary network requests via a third-party proxy (getmembrane.com). While these capabilities are aligned with the stated purpose of managing financial data, the instructions grant the agent broad shell and network access, which are classified as high-risk behaviors under the review criteria (SKILL.md).
- External report
- View on VirusTotal