Back to skill
Skillv1.0.0
VirusTotal security
Expor Native UI · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:45 AM
- Hash
- 1e128ed49dc275d94c6cd5cfb6c951029ac73b3a0af6ff10593566a2075ba221
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: expo-native-ui Version: 1.0.0 The skill bundle primarily provides documentation and code examples for building native UI with Expo. However, the `README.md` file contains an installation instruction `npx add https://github.com/wpank/ai/tree/main/skills/frontend/expo-native-ui`. If an AI agent were to execute this command, it would fetch and execute code from an arbitrary GitHub URL, which represents a supply chain vulnerability and a risk of arbitrary code execution if the remote repository were compromised. While there is no clear evidence of intentional malicious exploitation within the bundle itself, this risky installation method classifies the skill as suspicious.
- External report
- View on VirusTotal