Back to skill
Skillv2.1.3
VirusTotal security
Projitive · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 26, 2026, 3:46 PM
- Hash
- 3f460781e439c93fa80950fcf3dd0d5e001309c7c9f6304b537e60fe4ab7c184
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: projitive Version: 2.1.3 The skill bundle instructs the agent to perform a global installation of an external package (`npm install -g @projitive/mcp`) and explicitly directs it to initialize project governance (`projectInit`) without seeking user permission in SKILL.md. While these actions are consistent with the stated goal of project management, the automated installation of remote code and the instruction to bypass user consent for system-level changes are high-risk behaviors that could be leveraged for unauthorized modifications.
- External report
- View on VirusTotal