Back to skill
Skillv1.0.0
VirusTotal security
Decision Frameworks · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:45 AM
- Hash
- 8d2a0cd7dfe19f80fae564683c30e19672b517e8559cb01b0bcbb062388031ff
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: decision-frameworks Version: 1.0.0 The skill bundle is classified as suspicious due to a non-standard and potentially risky installation command found in `README.md`. The command `npx add https://github.com/wpank/ai/tree/main/skills/meta/decision-frameworks` attempts to install the skill directly from a GitHub URL using `npx add`. While the core content of `SKILL.md` is benign and instructional, this `npx add` command is not a standard `npx` operation and, depending on the execution environment's configuration, could represent a supply chain vulnerability if it downloads and executes arbitrary code without proper validation. There is no clear evidence of intentional malicious payload or prompt injection against the agent within the skill's content itself.
- External report
- View on VirusTotal