Back to skill
Skillv1.0.0
VirusTotal security
Venn Nino · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 23, 2026, 8:21 PM
- Hash
- 9cfb3fa860a0112144541aa8b4978fb241a9176179b55e3c81e73326675d691d
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: venn-nino Version: 1.0.0 The skill performs an automated installation of a third-party tool by cloning and building a specific GitHub repository fork (mansilladev/mcporter) during the setup phase (install-vennporter.sh). This 'install-and-execute' pattern introduces significant supply-chain risk and potential RCE, as it runs unvetted code from a personal repository. While the skill's stated purpose is to integrate enterprise SaaS tools via venn.ai, the combination of broad data access (Gmail, Jira, Salesforce) and the execution of external binaries warrants a suspicious classification.
- External report
- View on VirusTotal