Back to skill
Skillv1.0.1
VirusTotal security
Skills Indec MCP · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 30, 2026, 4:33 AM
- Hash
- d57ac1ebd15aeb28fcd62cd2167ed69c21f54a773e846ab32de92b07ce653ffa
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: skillsindex-mcp Version: 1.0.1 The skill is transparent about its operations, explicitly stating that it uses `npx skillsindex-mcp` to run, which involves downloading a package from `npmjs.com` and making network calls to `skillsindex.dev`. The `SKILL.md` documentation clearly outlines all network endpoints, claims no local file access or data exfiltration, and provides links to open-source code. There is no evidence of prompt injection attempts against the AI agent, hidden malicious commands, or unauthorized data access/exfiltration. The use of `npx` is a standard method for running Node.js-based skills and is openly declared, not hidden or used for malicious purposes, aligning with the stated functionality.
- External report
- View on VirusTotal