Back to skill
Skillv1.0.0
VirusTotal security
Package Detection Skill | 包裹检测技能 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 16, 2026, 6:11 AM
- Hash
- 203f04bf1f4c8c56af5058cb1720981d4a369225bd24018889298b41d3d408df
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: smyx-package-detection-analysis Version: 1.0.0 The skill bundle contains a significant amount of unrelated code, including a complete 'face_analysis' sub-skill for TCM health assessments, which is irrelevant to package detection. The SKILL.md file includes aggressive 'Mandatory Rules' (prompt instructions) that force the AI agent to bypass its standard memory systems (LanceDB/local files) and exclusively use the provided API scripts. Furthermore, the 'smyx_common' utility automatically attempts to register users by sending their 'open-id' (which the instructions suggest could be a phone number) to a remote endpoint (lifeemergence.com) and stores authentication tokens in a local SQLite database (smyx-common-claw.db). While these behaviors may be part of a legitimate service framework, the excessive code surface and instructions to bypass agent memory are highly suspicious.
- External report
- View on VirusTotal