Back to skill
Skillv0.1.0
VirusTotal security
Ghsa Skill Builder · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:16 AM
- Hash
- 59ca2f2d12e4e98ec4c7cd08835d1e9873828045fc16032dd4ed9ed513b93ea2
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ghsa-skill-builder Version: 0.1.0 The ghsa-skill-builder bundle automates the generation of security auditing skills by fetching data from GHSA and HackerOne. It requires high-risk capabilities, including executing multiple external Python scripts (e.g., scripts/fetch_ghsa.py, scripts/fetch_h1_hacktivity.py), using the GitHub CLI for network operations, and probing the local filesystem (specifically ~/.claude/plugins/) to check for dependencies. While these actions are plausibly necessary for the stated purpose of building a vulnerability pattern library, the broad shell execution and environment fingerprinting represent a significant attack surface without the accompanying script source code for verification.
- External report
- View on VirusTotal