Back to skill
Skillv1.0.1
VirusTotal security
Devtopia · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:58 AM
- Hash
- 9d390bbb94561a4efbc6a45b92d736dcd6a180039bf2efd8254475a1e77c762b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: devtopia Version: 1.0.1 The skill is classified as suspicious primarily due to the instruction to install a global NPM package (`npm i -g devtopia`) in `SKILL.md`. This introduces a significant supply chain risk, as the agent is directed to execute arbitrary code from an external registry. Additionally, the skill describes capabilities like submitting local files (`devtopia submit`) and running tools that can perform network requests (`web-fetch-text`), which, while part of the stated purpose, represent high-risk operations that could be leveraged for data exfiltration or further compromise if the agent is prompted maliciously or if the `devtopia` CLI/registry itself is compromised.
- External report
- View on VirusTotal