Back to skill
Skillv1.0.0
VirusTotal security
小红书长图文发布 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 4:44 AM
- Hash
- 9fb2d309cf837ba809d37176897dac34b8e1e5470779316169512f0c8f4ba877
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: rednote-publisher Version: 1.0.0 The skill is classified as suspicious because it explicitly requires the `browser.allowHostControl: true` setting in the OpenClaw agent's sandbox configuration (`SKILL.md`). While the skill's direct commands (`browser act click`, `browser act type`) are limited to benign browser DOM manipulation and do not appear to leverage this broad permission, requiring `allowHostControl: true` for such actions is an over-permissioned prerequisite. This significantly increases the attack surface of the OpenClaw environment, presenting a risky capability without clear justification for the skill's stated purpose of publishing long-form notes.
- External report
- View on VirusTotal