Back to skill
Skillv1.0.0
VirusTotal security
Firm Vs Bridge Pack · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:51 AM
- Hash
- 939713887500f512cd243d8c4f28a014c7cc64330d9c40e95a9f36c2abd7ae1e
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: firm-vs-bridge-pack Version: 1.0.0 The skill bundle describes a 'VS Code bridge pack' that can 'push/pull context (selections, files, diagnostics)' and 'link/monitor editor sessions' with an 'OpenClaw Gateway'. While the stated purpose is legitimate for an IDE integration, the capability to transfer 'files' and 'diagnostics' (which can contain sensitive information) to an external entity, even if it's an 'OpenClaw Gateway', represents a significant high-risk behavior. There is no clear evidence of malicious intent (e.g., exfiltration to arbitrary external domains, persistence, or explicit prompt injection for harmful objectives), but the inherent power and data access described in SKILL.md warrant a 'suspicious' classification due to the potential for misuse or data exposure.
- External report
- View on VirusTotal