Back to skill
Skillv1.0.3
VirusTotal security
Fullcontact · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:52 AM
- Hash
- 35419e18d4cb5ca2bc52e5b252b3789a9ab7909ca5b1b6cf395297f6afd02232
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: fullcontact Version: 1.0.3 The skill instructions in SKILL.md direct the agent to install a global npm package (@membranehq/cli) and execute shell commands to manage FullContact data via the Membrane platform. While these actions are consistent with the stated integration purpose and promote secure credential handling (e.g., avoiding local secrets), the reliance on global software installation and arbitrary shell execution constitutes a high-risk capability profile. No evidence of intentional malice, data exfiltration, or prompt injection was found.
- External report
- View on VirusTotal