Back to skill
Skillv1.0.0
VirusTotal security
中考真题检索 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 28, 2026, 3:01 AM
- Hash
- 11a513ce904a7a2716ef519aefe5238593ae572fbfd28670e3a025149e709d2a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: zhongkao-exam-search Version: 1.0.0 The skill bundle contains functional scripts for searching and downloading exam papers but includes significant security vulnerabilities. Specifically, `scripts/download.py` explicitly disables SSL certificate verification (`ssl.CERT_NONE`), which exposes the system to Man-in-the-Middle (MITM) attacks. Additionally, the download script lacks input sanitization for the output file path, potentially allowing path traversal. While these flaws appear to be unintentional bugs or 'lazy' coding rather than intentional malice, they represent high-risk behaviors that warrant a suspicious classification according to the security threshold.
- External report
- View on VirusTotal