Back to skill
Skillv1.0.4
VirusTotal security
Personio · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 5:14 AM
- Hash
- e08c4c7e1f5f8f7d1afdc8000e0ecb8845efdd538a662dd6295417fe4f9624df
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: personio Version: 1.0.4 The skill instructs the AI agent to perform high-risk operations, including the global installation of an external npm package (@membranehq/cli) and the execution of shell commands to manage HR data. While these actions are aligned with the stated purpose of integrating with the Personio platform via Membrane, the reliance on shell access and external binary execution constitutes a significant attack surface. No evidence of intentional malice or data exfiltration was found in the provided files (SKILL.md, _meta.json).
- External report
- View on VirusTotal