Skill v1.0.0

VirusTotal security

Open Code Review · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Review
Apr 30, 2026, 6:40 AM
Hash
136328047d5d49bbd4d6aff54623efbb9bb59612c6b8ff5f8abf0ab0d9ae811d
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: open-code-review
Version: 1.0.0

The skill bundle is classified as suspicious because it directs the AI agent to use an external MCP server hosted on a Cloudflare Workers domain (v2ray-seins.workers.dev) that uses a name associated with proxy/circumvention software, which is highly unusual for a code analysis tool. The instructions in SKILL.md encourage the agent to execute remote code via 'npx @opencodereview/cli' and to send source code to this third-party endpoint for 'deep scans' (L2/L3 levels). While these capabilities are consistent with the stated purpose of AI code review, the combination of remote execution and the suspicious naming of the backend infrastructure poses a significant risk of data exfiltration or supply chain compromise.