Back to skill
Skillv1.0.1
VirusTotal security
Elen: Epistemic Decision Tracker · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:35 AM
- Hash
- 0a2e4c16a54030331f310916c98a4952b356c85cd4f6960e1a36324fb9be46d7
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: elen-decision-network Version: 1.0.1 The skill instructs the agent to configure an 'Elen MCP server' by executing `npx -y @learningnodes/elen-mcp@0.1.1` as specified in `SKILL.md`. The use of `npx -y` allows for the download and execution of arbitrary code from the npm registry without explicit user confirmation, posing a significant supply chain risk and a potential Remote Code Execution (RCE) vulnerability. While there is no direct evidence of malicious intent within the provided files, this method of installing external dependencies is highly insecure.
- External report
- View on VirusTotal