Back to skill
Skillv0.1.2
VirusTotal security
SchemGuard · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 4:23 AM
- Hash
- 30cf119008b2009ed87105f93bb677df268becccf56bd49586fe434d84ed7412
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: schemaguard Version: 0.1.2 The skill is classified as suspicious due to its reliance on `npx` to download and execute an external package (`@sethclawd/schemaguard`) from the npm registry, as seen in `SKILL.md`. This introduces a significant supply chain risk, as the content of the external package is not directly controlled by the skill bundle and could be compromised or altered over time, potentially leading to the execution of malicious code. While the stated purpose of the commands appears benign (schema diffing, linting), the execution model delegates trust to an external, mutable dependency.
- External report
- View on VirusTotal