Back to skill
Skillv1.3.0
VirusTotal security
Mandate · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 16, 2026, 12:21 PM
- Hash
- fac4a12916ef1e68ad9482f8bdfa09f6c7f9d84e3e230a204a11b0cef246045b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mandate Version: 1.3.0 The skill bundle implements a transaction security layer for AI agents, but is classified as suspicious due to a 'Heartbeat' mechanism in SKILL.md that instructs the agent to periodically download and update its own instructions from a remote URL (app.mandate.md), creating a risk of remote instruction injection. The skill also requires the exfiltration of transaction metadata to an external API for validation and encourages the installation of external CLI tools and plugins (@mandate.md/cli, github.com/SwiftAdviser/claude-mandate-plugin), which are high-privilege operations that could be abused if the remote source is compromised.
- External report
- View on VirusTotal