Skill v1.0.0
VirusTotal security
newspaper-download-skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
Suspicious (Apr 12, 2026, 9:01 AM)
- Hash: ce9c6689d4be0ab09ea565e1e935446b2aa6293769f7c02a6af2f5576eb8d9d6
- Source: palm
- Verdict: suspicious
- Code Insight:
  - Type: OpenClaw Skill
  - Name: newspaper-download-skill
  - Version: 1.0.0
  - The skill bundle contains a Python script (scripts/get_data.py) that intentionally disables SSL certificate verification (ssl.CERT_NONE) and bypasses system proxies to communicate with pick-read.vip. While these behaviors are documented as workarounds for connectivity issues in AI sandboxes, they constitute a significant security vulnerability by exposing the user's 'import_token' to potential Man-in-the-Middle (MITM) attacks. Per the instructions, this high-risk vulnerability is classified as suspicious rather than malicious as it appears to be a functional choice rather than an intentional exploit.
