Back to skill
Skillv1.1.0
VirusTotal security
Mini PIV - Lightweight Feature Builder · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:32 AM
- Hash
- 445840f28a8edf978082c62a6fdb0f86b1218ea6b93f41cf62761cc5e8cfcc76
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mini-piv Version: 1.1.0 The skill is classified as suspicious due to its broad system access capabilities, which, while plausibly needed for its stated purpose as a feature builder, inherently carry a higher risk. It instructs the agent and sub-agents to execute various shell commands (`git`, `ls`, `tree`, build/test/lint commands), perform extensive file system operations (read, write, modify project files), and utilize network access for web searches and the `gh` CLI for 'GitHub code search, repo exploration' (in `references/codebase-analysis.md`, `references/execute-prp.md`, `references/generate-prp.md`). While no clear evidence of intentional malicious behavior (e.g., data exfiltration to unauthorized endpoints, persistence, or explicit harmful prompt injection) was found, these powerful capabilities could be misused. Additionally, the owner/repo name 'SmokeAlot420' (in `_meta.json` and `SKILL.md`) is a minor non-technical flag.
- External report
- View on VirusTotal