Back to skill
Skillv1.0.1
VirusTotal security
WeChat Studio · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 8, 2026, 4:31 AM
- Hash
- 8562132c32c0518d9a0fe5d01799e427fde00cd013786e5353de527cf7ade43f
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: content-system-wechat-studio Version: 1.0.1 The skill bundle contains a significant path traversal vulnerability in `frontend/server.py`. The `resolve_workspace_path` function fails to properly sanitize relative paths containing '..', allowing the `/api/assets` endpoint to read arbitrary files from the host system. Additionally, `frontend/extract_live_reference.js` utilizes Playwright to visit arbitrary user-provided URLs, which poses a risk of Server-Side Request Forgery (SSRF). The bundle also includes hardcoded local user paths (e.g., `/Users/Abigale/...`) and directs users to external services like `suxi.ai`, which may indicate improper packaging or environment-specific risks.
- External report
- View on VirusTotal