Back to skill
Skillv2.0.3
VirusTotal security
Wechat Publisher Skill · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
BenignApr 4, 2026, 7:01 PM
- Hash
- e886e1a2f40a979c67715467bee66e541e36e0799a9ab326a679cdc3e11a6dea
- Source
- palm
- Verdict
- benign
- Code Insight
- Type: OpenClaw Skill Name: wechat-publisher-403914291 Version: 2.0.3 The skill bundle is a legitimate automation tool for publishing AI-related news to WeChat Official Accounts. The core logic in `scripts/publish.py` handles sensitive credentials (AppID/AppSecret) appropriately via environment variables or local configuration files and communicates only with official WeChat API endpoints (api.weixin.qq.com) and a standard IP detection service (ip-api.com). The bundle includes a local trial and licensing mechanism (8.8 RMB buy-out) that operates transparently without exfiltrating data to the author. No evidence of malicious prompt injection, unauthorized data exfiltration, or hidden execution was found across the code or the extensive documentation.
- External report
- View on VirusTotal