Back to skill
Skillv1.0.0
VirusTotal security
wechat-article-fetcher · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewMar 22, 2026, 4:21 AM
- Hash
- d1a0466b5d7b66be4d7cf6606d93dae9be81e4657a4531ef8d1b1603e0a6892a
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: aga-wechat-article-fetcher Version: 1.0.0 The skill bundle functions as a WeChat article scraper but contains risky behaviors, specifically the automatic background execution of a Python HTTP server in 'fetch.sh'. This server is launched in the '/root/.openclaw/workspace' directory, which could potentially expose other sensitive files within the agent's workspace to the local network. While this capability is documented in 'SKILL.md' and 'README.md' as a feature for local previewing, the lack of access control and the background persistence make it a security risk, though no clear evidence of intentional malice or data exfiltration was found in 'fetch.py'.
- External report
- View on VirusTotal