Skill v1.0.0
VirusTotal security
MyVibe Skills · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious · Apr 30, 2026, 3:41 AM
- Hash: 32ee1cd31b3e3578012e9792f78171b55cbd16c5cc3469caf1065ee5b0a5b8e7
- Source: palm
- Verdict: suspicious
- Code Insight: Type: OpenClaw Skill; Name: myvibe-skills; Version: 1.0.0. The skill is classified as suspicious due to several high-risk capabilities, even though the explicit intent appears benign. Key indicators include the requirement for `sandbox_permissions=require_escalated` for network access, the instruction to the AI agent to perform a global `npm install -g agent-browser && agent-browser install` in `SKILL.md` and `generate-screenshot.mjs`, and the dynamic execution of `npx http-server` in `generate-screenshot.mjs`. These actions involve downloading and executing external code and modifying the system environment, which introduces significant supply chain and arbitrary code execution vulnerabilities if the external packages or the agent's execution context were compromised. Additionally, the skill makes network requests to a user-configurable `--hub` URL, which could be abused if the agent is tricked into publishing to a malicious endpoint. While these capabilities are plausible for a publishing and screenshotting skill, they represent substantial attack surfaces without clear evidence of intentional malice.
