Back to skill
Skillv1.0.0
VirusTotal security
Marketing Mode · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:03 AM
- Hash
- afb6c097c76fc0c4e9345e3be45ae0ad3063a5c59dd2c6a57d6c5833952f8d36
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: marketing-mode Version: 1.0.0 The skill is classified as suspicious due to the use of `npm install -g @thesethrose/marketing-mode` in `skill.json` and `SKILL.md`. This instruction installs a global npm package, which represents a significant supply chain risk. While this might be necessary for the skill's intended functionality, it allows for arbitrary code execution from an external source, making it a high-risk capability without clear evidence of intentional malicious behavior within the provided files. The prompt injection surfaces in `SKILL.md` and `mode-prompt.md` appear benign, defining a marketing strategist persona and providing relevant knowledge.
- External report
- View on VirusTotal