Back to skill
Skillv1.0.0
VirusTotal security
ai-morning-brief · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 3:31 AM
- Hash
- 145873f2d658bf6a3d4cfa7b55fbcd94d4f6433bd3e0cc9a57d3b46d29822180
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: ai-industry-morning-brief Version: 1.0.0 The skill bundle is classified as suspicious due to high-risk security practices and potential data exfiltration vectors. Most notably, `scripts/push-to-dingtalk.sh` contains a hardcoded DingTalk session ID (`agent:main:dingtalk:group:cid+sxosobsr081ckhs0jpsqw==`), which would cause any generated reports to be sent to a specific, potentially unauthorized group. Additionally, `scripts/ai_daily.py` explicitly disables SSL certificate verification (`ssl.CERT_NONE`), making the agent vulnerable to Man-in-the-Middle (MITM) attacks. The installation instructions in `install.md` also encourage running operations in the `/root/` directory, which is a significant security risk. While the bundle appears to be a functional AI news aggregator, these flaws represent significant security concerns.
- External report
- View on VirusTotal