Back to skill
Skillv0.1.2
VirusTotal security
Mission Claw · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:45 AM
- Hash
- f3842ba342fa1989b5409f2e982ee7bb21692c5879c660e3ca6a14071a20925f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: mission-claw Version: 0.1.2 The skill is classified as suspicious primarily due to the `npm install -g mission-claw` instruction in `SKILL.md`. This command introduces a significant supply chain vulnerability, as it instructs the agent to download and execute arbitrary code from an external npm package (mission-claw, hosted on github.com/tsangwailam/mcclaw). While the stated purpose is benign (logging activities to a local dashboard), the mechanism of installing a global package via npm poses a high risk of remote code execution if the external package or its repository were compromised. There is no evidence of intentional malicious behavior within the provided files, such as data exfiltration or prompt injection attempts, and all described network activity is confined to localhost.
- External report
- View on VirusTotal