Back to skill
Skillv1.0.6
VirusTotal security
CMDB Compass · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:50 AM
- Hash
- 7df9d4a7484cbdf80d4ab826effdfeef47f61653f442e412ad284831911b3773
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cmdbcompass Version: 1.0.6 The skill provides ServiceNow CMDB governance tools but involves high-risk behaviors, including the handling of administrative credentials (SERVICENOW_PASSWORD) and the execution of a shell script (scripts/install-mcp.sh) that performs a remote package installation via pip (cmdb-compass). While these actions are plausibly required for the skill's stated purpose, the combination of sensitive credential requirements and external code execution during installation constitutes a significant attack surface.
- External report
- View on VirusTotal