Back to skill
Skillv0.2.1
VirusTotal security
Line Client · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 4:29 AM
- Hash
- 90acf375b08d3f6023cd5cdacac063636f0360ac4ba688b3a89d0e2c7fa4e7dc
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: line-api Version: 0.2.1 This skill is classified as suspicious due to its use of powerful capabilities that introduce significant attack surface and data handling risks. It runs a local Node.js HTTP server on port 18944 (`src/hmac/signer.js`) and executes WebAssembly (`lstm.wasm`) for HMAC signing. Furthermore, the authentication process involves handling sensitive PINs, which are emitted to stdout by `scripts/qr_login_server.py`, posing a potential information disclosure vulnerability if the agent's environment logs stdout. While the stated purpose of interacting with the LINE API via `line-chrome-gw.line-apps.com` is legitimate, these technical implementations carry inherent risks.
- External report
- View on VirusTotal