Back to skill
Skillv0.1.0
VirusTotal security
Persona Docs · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMay 1, 2026, 3:45 AM
- Hash
- dc999e5d95b1dc26e8fb7133b205bf06dc4216b44cca0eec6255e988e7313332
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: persona-docs Version: 0.1.0 The skill's core functionality and agent instructions in `SKILL.md` are benign and align with its stated purpose of creating persona documentation. However, the `README.md` file includes an installation instruction (`npx add https://github.com/wpank/ai/tree/main/skills/writing/persona-docs`) that fetches the skill from a remote GitHub repository. This introduces a supply chain vulnerability, as the integrity of the installed skill depends on the security of the external repository, which could be compromised to deliver malicious code. This is classified as suspicious due to this risky installation method, which is a vulnerability, not direct malice within the skill's runtime.
- External report
- View on VirusTotal