Back to skill
Skillv1.0.0
VirusTotal security
NPM Search · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:01 AM
- Hash
- 89c0c31c7a587cf3cd6ad7106b23413986fc41b5a1904ce4bc996af1a413c220
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: npm-search Version: 1.0.0 The skill instructs the agent to execute a local script, `scripts/npmsearch`, via `bash scripts/npmsearch "<query>"` as seen in `skill.md`. However, the content of this script is not provided for analysis. This introduces an opaque execution path, making it a risky capability as the script's actual behavior (e.g., file access, network calls) cannot be verified as benign without its content. While there's no clear evidence of malicious intent in the provided files, the unknown nature of the executed script prevents a benign classification.
- External report
- View on VirusTotal