Backend Event Stores
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: backend-event-stores Version: 1.0.0 The skill bundle provides comprehensive documentation and code examples for designing and implementing event stores. All code snippets are illustrative and demonstrate standard patterns for event sourcing with PostgreSQL, EventStoreDB, and DynamoDB. The SKILL.md file serves as a guide for the AI agent, and its content is purely instructional and descriptive of event-sourcing concepts, lacking any prompt injection attempts or instructions for malicious actions. The README.md provides standard installation instructions, including an `npx add` command to fetch the skill, which is a legitimate method for skill installation and does not indicate malicious execution. There is no evidence of data exfiltration, malicious execution, persistence mechanisms, obfuscation, or supply chain attacks within the analyzed files.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the user runs the README install command, they depend on the current contents of that remote source.
The documented installation command fetches from a remote GitHub path rather than a pinned release. This is user-directed and expected for installation, but it leaves provenance and version stability for the user to verify.
npx add https://github.com/wpank/ai/tree/main/skills/backend/event-store
Verify the GitHub repository and consider installing from a trusted, pinned version or reviewed local copy.